Re: BGP Monitoring

2024-02-26 Thread TJ Trout
bgp.tools

On Mon, Feb 26, 2024 at 9:54 AM Mehmet  wrote:

> I love bgp.tools ;) good product
>
> On Mon, Feb 26, 2024 at 12:49 Ben Cox via NANOG  wrote:
>
>> [Full Disclosure, the bgp.tools guy will of course tell you to use
>> bgp.tools]
>>
>> Unsure what the etiquette for self promotion is on this mailing list,
>> but I would happily recommend bgp.tools (the service I run). It
>> supports the development of the BGP toolkit at the same time.
>>
>> For myself (since I cannot really monitor myself with myself) I use
>> https://github.com/nttgin/BGPalerter
>>
>>
>> On Mon, 26 Feb 2024 at 17:43, Ray Orsini via NANOG 
>> wrote:
>> >
>> > What tools are you using to monitor BGP announcements and route changes?
>> >
>>
>


Re: Help with Frontier circuits AS5650

2023-11-20 Thread TJ Trout
IRR and RPKI are both in order?

On Mon, Nov 20, 2023, 9:56 AM Dennis Burgess 
wrote:

> I have two frontier circuits that are not working correctly with BGP,
> prefixes that are announced are not showing in the global table etc.  Any
> frontier people can tell me where I can call to find someone that can
> assist.  End users are currently down ☹ been calling numbers for the
> past hour, no one is picking up.
>
>
>
>
> *Dennis Burgess*
>
>
> * Mikrotik : Trainer, Network Associate, Routing Engineer, Wireless
> Engineer, Traffic Control Engineer, Inter-Networking Engineer, Security
> Engineer, Enterprise Wireless Engineer*
>
> *Hurricane Electric: **IPv6 Sage Level*
>
> *Cambium: **ePMP*
>
>
>
> Author of "Learn RouterOS- Second Edition”
>
> *Link Technologies, Inc* -- Mikrotik & WISP Support Services
>
> *Office*: 314-735-0270  Website: http://www.linktechs.net
>
> Create your own Tickets via https://hd.linktechs.net
>
> Create Wireless Coverage’s with www.towercoverage.com
>
> Need MikroTik Cloud Management: https://cloud.linktechs.net
>
> Remote Winbox Service: http://rwb.linktechs.net
>
>
>


Re: Out of ideas - Comcast issue BGP peering with Tata

2023-11-17 Thread TJ Trout
Are your IRR and RPKI ROAs all squared away?

On Fri, Nov 17, 2023, 8:12 AM Diego Eduardo Zorrilla Fierro (diefierr) via
NANOG  wrote:

> I'm not sure, just thinking, maybe it is a thing with the /24. Is it possible
> for you to get from Comcast maybe a /22?
>
>
>
> Regards
>
> Diego
>
>
>
> *From: *NANOG  on behalf of
> Mike Hammett 
> *Date: *Friday, November 17, 2023 at 09:51
> *To: *Jamie Chetta 
> *Cc: *nanog@nanog.org 
> *Subject: *Re: Out of ideas - Comcast issue BGP peering with Tata
>
> This passing the buck thing was old a very long time ago.
>
> CDNs and security services are great at it too.
>
>
>
> -
> Mike Hammett
> Intelligent Computing Solutions
> http://www.ics-il.com
>
> Midwest-IX
> http://www.midwest-ix.com
>
>
> --
>
> *From: *"Jamie Chetta via NANOG" 
> *To: *nanog@nanog.org
> *Sent: *Friday, November 17, 2023 8:17:42 AM
> *Subject: *Out of ideas - Comcast issue BGP peering with Tata
>
> I am out of ideas on how to get this fixed.  Long story short I am a
> customer of Comcast and am advertising my own /24 block I own through
> them.  Comcast of course BGP peers with multiple ISPs.  Other ISPs are
> accepting my prefix just fine, except Tata.  This is causing random
> destinations to drop connectivity if Comcast routes it through them.
> Comcast has confirmed they are advertising my block to Tata and that the
> RPKI is good, however when you check the Tata looking glass you can see
> they’re not accepting it.
>
>
>
> I’ve tried escalating within Comcast who refuses to contact Tata as
> they’ve validated the issue is not on their end but they agree with my
> assessment that Tata is not accepting the prefix for some reason.
>
>
>
> I’ve tried multiple emails for Tata support (below), but they all circle
> around to a helpdesk who says I do not have a circuit with them so they
> cannot help me.
>
>
>
> Is there anyone from Tata willing to contact me off list to help sort this
> out?  Or anyone with ideas on specifically why other ISPs are accepting my
> route but not Tata?  It would be greatly appreciated.
>
>
>
> Emails I’ve tried
>
> Corporate  Helpdesk corp.helpd...@tatacommunications.com
>
> Tata Communications IP Service Support( AS-6453)
> ipservicesupp...@tatacommunications.com
>
> IPNOC (Tata Communications - AS6453) ip...@tatacommunications.com
>
> l...@as6453.net
>
>
> Response from Tata:
>
> “Acknowledge your email.
>
>
>
> However, since you are not associated with TCL we would not be in a
> position to help you on this.
>
>
>
> Request you to contact comcast for the assistance that you are seeking
> from us.”
>
>
>
> Response from Comcast:
>
> “This was sent back to me as not us. Basically, it’s not a RADB or RPKI
> issue. This is being accepted and re-advertised to TATA but not being
> accepted on their end. But another route that we checked off of that same
> SUR is being advertised the same way and accepted by them off
> pe12.350ecermak.il.ibone as an example of the TATA looking glass.  I would
> suggest that you would probably need to work with other networks as to why
> those that are specific ones are not accepting the block but as previously
> mentioned it’s not a RADB or RPKI issue and as a result not a Comcast
> issue.”
>
>
>


Re: Hulu thinks we're a VPN provider.

2023-10-26 Thread TJ Trout
https://thebrotherswisp.com/index.php/geo-and-vpn/

On Thu, Oct 26, 2023, 10:50 AM richey goldberg 
wrote:

> Our ASN is under one of our company names,  VPNtranet which was formed long
> before streaming services and consumer VPNs were a thing.   At no time have
> we or will we ever offer VPN services however we have recently been blocked
> by Hulu because they have assumed we’re a VPN provider. Trying to get
> to someone at Hulu has been challenging because the limited contact we have
> had with support has been a very futile effort.
>
>
>
> Does anyone have a contact or know how you can communicate with someone at
> Hulu who has a clue?
>
>
>
>
>
> -richey
>


Google ISP portal repeatedly denied for peer

2023-10-18 Thread TJ Trout
Anyone from Google that could help get us isp portal access? We're directly
peered with Google but continually get denied portal access. Ticket
72617.

Thank you in advance,

TJ Trout
Volt Broadband


---------- Forwarded message ---------
From: TJ Trout 
Date: Tue, Oct 17, 2023, 6:06 AM
Subject: Google ISP portal denied for peer
To: nanog 


Anyone from Google that could help get us isp portal access? We're directly
peered with Google but continually get denied portal access. Ticket
72617.

Thank you in advance,

TJ Trout
Volt Broadband


Re: Lumen Seattle Contact

2023-10-11 Thread TJ Trout
Seems like a quick call to the noc with a ticket number they could get
somebody dispatched in half a day or less

On Wed, Oct 11, 2023, 10:57 AM Brendan Carlson 
wrote:

> Hello All,
>
> I have a client in Seattle, they've been hard down since Sunday due to a
> replaced CL/Lumen switch in the building telephone room. They never got
> hooked up after the switch was replaced.
>
> Can someone please contact me off list about this?
>
> Thanks!
>


Re: AT&T Business Center completely broken for months - is it the norm?

2023-10-10 Thread TJ Trout
it's related to cookies, also if you're getting a BC login you're probably
paying too much (use wholesale)

On Tue, Oct 10, 2023 at 10:33 AM TJ Trout  wrote:

> use incognito mode
>
> On Mon, Oct 9, 2023 at 10:44 PM Daniel Marks via NANOG 
> wrote:
>
>> This has been the case with most AT&T systems I’ve had to use in the past
>> 5 years, FirstNet is even worse. As others suggested in trying different
>> browsers, I found that a lot of (especially older) corporate firewalls just
>> seem to hate AT&T websites and flipping on a VPN to  tends
>> to resolve most of my issues.
>>
>> -Dan
>>
>> > On Oct 9, 2023, at 23:41, Mirai Azayaka  wrote:
>> >
>> > Hi NANOG,
>> >
>> > Maybe this topic is better suited for the complaint department of AT&T
>> > but I just want to confirm if it's just me or it's just AT&T.
>> >
>> > So I'm a new customer of AT&T's DIA network and I haven't been able to
>> > make a payment since day one. (And it has been several months.) Just
>> > wondering if a completely broken internal billing system is normal...
>> > I only have limited experience with Hurricane Electric and Equinix
>> > before. Wondering if Verizon or Comcast is also broken like AT&T. Here
>> > are the issues I had with their system:
>> > - Clicking random links around the portal will give you HTTP 400
>> > errors, sometimes.
>> > - I'm unable to add payment methods even after following the payment
>> > tutorial exactly. The portal consistently gives HTTP 413 errors.
>> > - Live chat doesn't work at all. Clicking the button returns HTTP 404
>> > in my debugging console.
>> > - Extremely slow for some tasks which may result in a HTTP 408.
>> >
>> > The system feels like a collection of HTTP error codes... How can it
>> > be so broken? Are other ISP's internal billing systems broken like
>> > this? Looking for anecdotes / experiences.
>> >
>> > Azayaka
>>
>


Re: AT&T Business Center completely broken for months - is it the norm?

2023-10-10 Thread TJ Trout
use incognito mode

On Mon, Oct 9, 2023 at 10:44 PM Daniel Marks via NANOG 
wrote:

> This has been the case with most AT&T systems I’ve had to use in the past
> 5 years, FirstNet is even worse. As others suggested in trying different
> browsers, I found that a lot of (especially older) corporate firewalls just
> seem to hate AT&T websites and flipping on a VPN to  tends
> to resolve most of my issues.
>
> -Dan
>
> > On Oct 9, 2023, at 23:41, Mirai Azayaka  wrote:
> >
> > Hi NANOG,
> >
> > Maybe this topic is better suited for the complaint department of AT&T
> > but I just want to confirm if it's just me or it's just AT&T.
> >
> > So I'm a new customer of AT&T's DIA network and I haven't been able to
> > make a payment since day one. (And it has been several months.) Just
> > wondering if a completely broken internal billing system is normal...
> > I only have limited experience with Hurricane Electric and Equinix
> > before. Wondering if Verizon or Comcast is also broken like AT&T. Here
> > are the issues I had with their system:
> > - Clicking random links around the portal will give you HTTP 400
> > errors, sometimes.
> > - I'm unable to add payment methods even after following the payment
> > tutorial exactly. The portal consistently gives HTTP 413 errors.
> > - Live chat doesn't work at all. Clicking the button returns HTTP 404
> > in my debugging console.
> > - Extremely slow for some tasks which may result in a HTTP 408.
> >
> > The system feels like a collection of HTTP error codes... How can it
> > be so broken? Are other ISP's internal billing systems broken like
> > this? Looking for anecdotes / experiences.
> >
> > Azayaka
>


Re: Comcast contact sought

2023-09-25 Thread TJ Trout
It's a fraud tactic as far as I'm concerned, they markup internet only into
the hundreds of dollars a month, but if you bundle with security edge it's
very affordable, except after 12-36 months now it is even more expensive
than if you had just let them screw you initially.

On Mon, Sep 25, 2023, 6:16 AM Livingood, Jason via NANOG 
wrote:

> > I have been trying to assist someone with a business connection that
> > runs a server farm.  Recently the business cable modem started to
> > short-stop port 53 for UDP and TCP.  Apparently, a transparent DNS proxy
> > somehow got activated and all outbound traffic to any IPv4 or IPv6 address
> > is intercepted and handled by the modem – or not handled.
>
>
>
> Sounds like the person you helped turned on Security Edge. They can turn
> it off too at
> https://business.comcast.com/support/article/internet/securityedge-manage-settings.
>
>
>
>
> Jason
>


Re: Google Contact

2023-09-14 Thread TJ Trout
Having trouble using the route servers?

On Thu, Sep 14, 2023, 9:37 AM Pascal Masha  wrote:

> Hello Folks,
>
> Anyone from Google who can assist setup BGP peering through SFMIX IX,
> kindly contact me off list.
>
> Thanks
> Regards
>
> Paschal Masha
>


Re: Spam from ARIN to POC addresses

2023-09-12 Thread TJ Trout
I can help you get rid of pesky ARIN, let's start a 8.2 transfer!

On Tue, Sep 12, 2023 at 3:00 PM packetcat  wrote:

> At 14:01 and 14:46 EST I received two identical emails from
> meeti...@arin-events.net with the subject “Join us for ARIN 52 in
> October”. One was sent to the NOC POC address and one to the abuse POC
> address for my ASN.
>
> As far as I am aware, I never signed up for whatever that mailing list is
> and if I did I wouldn’t subscribe to it on those addresses. Furthermore, I
> am not seeing an unsubscribe button on either email. That makes both
> messages spam.
>
> Considering I’ve never received messages like those from ARIN on those
> addresses, I’ll give ARIN the benefit of the doubt and say someone
> accidentally imported the wrong list of emails into their MSP. I hope this
> is not the start of a new pattern of behaviour because that would not
> be…good to put it mildly.
>
> --
> packetcat
> https://bastetrix.com
>


Re: AT&T Business Class Contact

2023-08-19 Thread TJ Trout
Open a ticket

https://expressticketing.acss.att.com/

On Sat, Aug 19, 2023, 3:36 PM Harry Hoffman 
wrote:

> Hi Folks,
>
> We've got a campus out in Oakland, CA running on an ATT Fiber
> connection. We've been down since 3a PDT and we're unable to reach
> someone to get help.
>
> Anyone who can point us to a contact or in the right direction would
> be greatly appreciated.
>
> Cheers,
> Harry
>


Re: AT&T in Raleigh - Durham region (NC)

2023-08-17 Thread TJ Trout
Maybe post more details. Those union folks aren't going to do anything
extra...

On Thu, Aug 17, 2023, 12:41 AM Etienne-Victor Depasquale via NANOG <
nanog@nanog.org> wrote:

> No luck yet, and that's ok, but in case anyone is able to contact me (off
> list),
> I'd settle for anyone from the Global Tier 3 group of network engineers
> from AT&T.
>
> Thank you!
>
> Etienne
>
> On Tue, Aug 15, 2023 at 12:43 PM Etienne-Victor Depasquale 
> wrote:
>
>> Hello good people,
>>
>> If anyone from AT&T in the Raleigh - Durham region (NC) would care to
>> contact me off list, I'd be grateful.
>>
>> Cheers,
>>
>> Etienne
>>
>> --
>> Ing. Etienne-Victor Depasquale
>>
>>
>
> --
> Ing. Etienne-Victor Depasquale
>
>


Re: Hawaiian ILEC infrastructure and fire

2023-08-17 Thread TJ Trout
I'm familiar with the island, it's puzzling that the major 3 cell
carriers would accept a single point of failure like that, you would think
they had microwave backup at minimum. Maybe it was a generator issue.

I'm sure a few cells burned but there are over ten on the west side so they
didn't all burn.

Feet on the ground are reporting they brought in at least a few COWS
(cellular on wheels/portable cell site trucks)

On Thu, Aug 17, 2023, 12:53 AM William Herrin  wrote:

> On Wed, Aug 16, 2023 at 6:43 PM scott via NANOG  wrote:
> > Last, it's an island and diverse paths are
> > short in number.
>
> To put it into perspective: there are exactly TWO roads that can get
> you from Lahaina back to Kahului and the airport. One of them is a
> narrow, cliff-hugging single lane road that is more or less paved.
>
> Though I am curious about the Paniolo cable landing in Lahaina. Did it
> survive? HICS and HIFN land in Kihei instead, right?
>
> Regards,
> Bill Herrin
>
>
>
> --
> William Herrin
> b...@herrin.us
> https://bill.herrin.us/
>


Re: Hawaiian ILEC infrastructure and fire

2023-08-15 Thread TJ Trout
I found it interesting that *all*? cellular service on west maui died? Does
every carrier single-home via waves served out of the Lahaina CO? Or maybe
they aren't allowed to have generators in Maui? Seems like they would have
diverse paths to major sites

On Tue, Aug 15, 2023 at 6:55 PM scott  wrote:

>
>
> > On Tue, Aug 15, 2023, 5:21 PM scott via NANOG  >
> > On 8/11/23 4:06 AM, Mark Tinka wrote:
> >  > It's like a war zone.
> >
> > Yes, it definitely looks like that. We have connectivity to some of
> the
> > edges and have put up hotspots, so folks can go to the hotspot areas
> > and
> > get internet access.
>
>
> On 8/16/23 12:39 AM, TJ Trout wrote:
>
>  > Scott: Just an FYI that anecdotal reports from social media coming in are
>  > stating that residents have been unable to connect to the Wi-Fi hotspots
>  > that the local government have been promoting in the Lahaina area.
> --
>
>
> I don't have anything to do with that as I work in the core and we got
> the node up for west Maui, so I am done. (:  But I wonder if those are
> different wifis.  I'd imagine the focus now is plant poles, hang fiber
> and get the Access part of the network fully up before getting those up,
> if they're the same ones.
>
> scott
>


Re: Hawaiian ILEC infrastructure and fire

2023-08-15 Thread TJ Trout
Scott: Just an FYI that anecdotal reports from social media coming in are
stating that residents have been unable to connect to the Wi-Fi hotspots
that the local government have been promoting in the Lahaina area.

On Tue, Aug 15, 2023, 5:21 PM scott via NANOG  wrote:

>
>
> On 8/11/23 4:06 AM, Mark Tinka wrote:
> > It's like a war zone.
>
>
> Yes, it definitely looks like that. We have connectivity to some of the
> edges and have put up hotspots, so folks can go to the hotspot areas and
> get internet access.
>
> scott
>


Re: Facebook IP Geolocation

2023-04-28 Thread TJ Trout
Have you checked these?

https://thebrotherswisp.com/index.php/geo-and-vpn/

On Fri, Apr 28, 2023, 1:58 AM Peter Potvin via NANOG 
wrote:

> Hey all,
>
> Recently a customer reached out to us regarding an IP of ours in Canada
> that Facebook is somehow placing within China, despite our geolocation in
> other databases showing up correctly as they're ingesting our geofeeds as
> we had requested.
>
> Does anyone know which geolocation databases Facebook uses, and if
> possible a contact at Meta we can reach out to so that this can be
> investigated further?
>
> Thanks in advance!
>
> Regards,
> Peter Potvin | Executive Director
>
> --
> *Accuris Technologies Ltd.*
>


Re: Dormant space on blacklists, how can I resolve this?

2023-04-27 Thread TJ Trout
https://thebrotherswisp.com/index.php/geo-and-vpn/

On Thu, Apr 27, 2023 at 6:51 AM Matthew Crocker 
wrote:

>
> Hello,
>
>
>
> I run Crocker Communications (AS7849) and have ARIN allocations of
> 161.77.0.0/16 & 66.59.48.0/20.   The 66.58.48.0/20 space was used for our
> datacenter which shutdown a couple years ago.  The space has mostly been
> dormant for the past couple years.   I’m now starting to assign
> 66.59.[55-60].0/24 to a new group of residential FTTH customers.   The
> customers are getting access denied messages from Akamai based websites.
>
>
>
> What can I do to get Akamai to unblock the 66.59.48.0/20 space.
>
> Is there a website I can look to research the reputation of the subnets?
> They haven’t been used in years so I would expect them to be pretty clean.
>
>
>
> Thanks
>
>
>
> -Matt
>
>
>
>
>


Re: Comcast circuit guru lurking?

2022-12-14 Thread TJ Trout
if it's an EPL they default to 2000 mtu max, if you want jumbo frames they
must be requested with your sales person

On Wed, Dec 14, 2022 at 10:39 AM Bryan Holloway  wrote:

> Looking for some help or direction with MTU issues on a recently
> installed point-to-point circuit.
>
> Attempts to rectify have involved front-line PMs/folks who don't grok
> the problem.
>
> Please contact me off-list, thank you!!
>
> - bryan
>


Re: Thoughts on the Services Offered

2022-10-01 Thread TJ Trout
we use all 3 and love them

On Sat, Oct 1, 2022 at 1:10 PM Mann, Jason via NANOG 
wrote:

> Anyone using the below or any plus/negatives for the using these services?
>
>
>
> Community Services | Team Cymru (team-cymru.com)
>
> Nimbus Threat Monitor | Team Cymru (team-cymru.com)
>
> DDOS Mitigation using UTRS | Team Cymru (team-cymru.com)
>
> Bogon Reference | Team Cymru (team-cymru.com)
>
>
>
>
>
>
>
>
> *---*
>
>
>
>
>
> *Jason Mann*
>
> LAN/WAN Engineer
>
> State Information Technology Services Division
>
> Department of Administration
>
> *DESK* 406.444.1786 * FAX* 406.444.5545
>
>


Re: ROA Will Expire Soon - ARIN

2022-09-09 Thread TJ Trout
And create the new roa for ten or whatever the max time is

On Fri, Sep 9, 2022, 7:28 AM TJ Trout  wrote:

> Just make a new roa for the same prefixes, you don't even need to delete
> the old one.
>
> On Fri, Sep 9, 2022, 7:18 AM Peter Potvin via NANOG 
> wrote:
>
>> I have been wondering the same thing when it comes to how ARIN's hosted
>> RPKI ROAs handle renewal. Do they automatically renew by default, do we
>> need to delete and re-create the ROA or do we have to reach out to the
>> helpdesk every time one is due to expire?
>>
>> ~ Peter
>>
>> On Fri., Sep. 9, 2022, 10:12 a.m. Ca By,  wrote:
>>
>>>
>>>
>>> On Fri, Sep 9, 2022 at 5:21 AM John Sweeting  wrote:
>>>
>>>> You can contact the ARIN Helpdesk at +1-703-227-0660. Someone will also
>>>> be sending you an email off list.
>>>>
>>>
>>> John
>>>
>>> Where is ARIN’s documented procedure for how hosted ROAs handle renewal
>>> prior to expiration ?
>>>
>>>
>>>
>>>> Sent from my iPhone
>>>>
>>>> > On Sep 9, 2022, at 8:01 AM, Terrance Devor 
>>>> wrote:
>>>> >
>>>> > 
>>>> > Can someone from ARIN please reach out to me. We don't want the ROA
>>>> to expire...
>>>> >
>>>> > Kind Regards,
>>>> > Terrance
>>>>
>>>
>> The information contained in this message may be privileged, confidential
>> and protected from disclosure. This message is intended only for the
>> designated recipient(s). It is subject to access, review and disclosure by
>> the sender's Email System Administrator. If you have received this message
>> in error, please advise by return e-mail so that our address records can be
>> corrected and please delete immediately without reading, copying or
>> forwarding to others. Any unauthorized review, use, disclosure or
>> distribution is prohibited.
>> Copyright © 2022 Accuris Technologies Ltd. All Rights Reserved.
>>
>


Re: ROA Will Expire Soon - ARIN

2022-09-09 Thread TJ Trout
Just make a new roa for the same prefixes, you don't even need to delete
the old one.

On Fri, Sep 9, 2022, 7:18 AM Peter Potvin via NANOG  wrote:

> I have been wondering the same thing when it comes to how ARIN's hosted
> RPKI ROAs handle renewal. Do they automatically renew by default, do we
> need to delete and re-create the ROA or do we have to reach out to the
> helpdesk every time one is due to expire?
>
> ~ Peter
>
> On Fri., Sep. 9, 2022, 10:12 a.m. Ca By,  wrote:
>
>>
>>
>> On Fri, Sep 9, 2022 at 5:21 AM John Sweeting  wrote:
>>
>>> You can contact the ARIN Helpdesk at +1-703-227-0660. Someone will also
>>> be sending you an email off list.
>>>
>>
>> John
>>
>> Where is ARIN’s documented procedure for how hosted ROAs handle renewal
>> prior to expiration ?
>>
>>
>>
>>> Sent from my iPhone
>>>
>>> > On Sep 9, 2022, at 8:01 AM, Terrance Devor 
>>> wrote:
>>> >
>>> > 
>>> > Can someone from ARIN please reach out to me. We don't want the ROA to
>>> expire...
>>> >
>>> > Kind Regards,
>>> > Terrance
>>>
>>
>


Re: VPN-enabled advance fee fraud

2022-03-21 Thread TJ Trout
ExpressVPN does NOT and WILL NEVER log:
IP addresses (source or VPN)

Browsing history

Traffic destination or metadata

DNS queries

We have carefully engineered our apps and VPN servers to categorically
eliminate sensitive information. As a result, ExpressVPN can never be
compelled to provide customer data that does not exist.

On Mon, Mar 21, 2022, 7:11 AM Andrew G. Watters  wrote:

> Nutshell version: a group of criminals who appear to be in Mexico have
> created an entire fake law firm and deal flow in the U.S., with
> Photoshopped notary seals and wire instructions.  They reportedly use
> ExpressVPN-- the owner of the IP block used by the suspects states that
> it leased the IP block to ExpressVPN under a Letter of Authorization.
>
> The suspects make money by causing victims to wire advance fees to
> Mexico as part of selling their timeshares, and possibly other
> transactions.  My client has lost $70k or so thus far.  He has received
> legit-looking documents, but upon even a cursory electronic inspection
> they are obvious forgeries.  So this gang is savvy enough to steal
> money, but really reckless as well, which may explain why they are
> risking clicking on my links as well.  I spoke with the lawyer who they
> are impersonating, and it was news to him that he is in New York City
> running a law firm considering that he retired in another state many
> years ago.
>
> So the suspects are offshore and I'm not sure what I can do.  But I
> would still rather have their IP addresses than nothing.  Can I have a
> recommendation on the best way to pursue user data from VPN providers
> such as ExpressVPN?  I already sent in a notice to preserve logs for the
> involved ASN, and I'm headed to Federal court in the next few days to
> see if I have a chance to get even some of the victim's money back-- or
> at least an injunction shutting down the suspects' online presence.  Any
> tips on getting VPN user data (or best practices in this type of
> situation) would be greatly appreciated.
>
> Best,
>
> Andrew Watters
>
> --
> Andrew G. Watters
> Rællic Systems
> and...@raellic.com
> +1 (415) 261-8527
> https://www.raellic.com
>


Re: CenturyLink Fiber Latency Issues (Seattle, WA)

2021-11-03 Thread TJ Trout
I second this, most best effort Broadband cpe equipment will choke with
lots of concurrent connections

On Tue, Nov 2, 2021, 8:25 PM P C  wrote:

> If this is connection count related only, It is most likely an issue with
> the CPE (router), NAT table, or similar.
>
> On Tue, Nov 2, 2021 at 8:21 AM Neel Chauhan  wrote:
>
>> I tried that back in September, it didn't work. It doesn't happen on my
>> hop but the one after that. Even a second GPON connection shows the
>> issues if one is running the offending traffic.
>>
>> The issue occurs even if I'm using 50 Mbps out of my 940.
>>
>> It may be bufferbloat on CL's side but they keep denying the issue.
>>
>> I guess I'll have to break the bank and get Comcast Gigabit Pro.
>>
>> CenturyLink should just get bought out by another telco, like how
>> Cablevision got bought by Altice.
>>
>> -Neel
>>
>> On 2021-11-01 20:52, Ryan Hamel wrote:
>> > Neel,
>> >
>> > Sounds like buffer bloat.
>> >
>> > Run a speed test, whatever is your maximum for your download and upload
>> > take 10% away from it, and setup traffic shaping in OPNsense
>> > (https://docs.opnsense.org/manual/shaping.html) with those values. If
>> > the issue goes away, then you're exceeding the buffer of CenturyLink's
>> > device with the bursts of traffic.
>> >
>> > Ryan
>> >
>> > -Original Message-
>> > From: NANOG  On Behalf Of Neel Chauhan
>> > Sent: Monday, November 1, 2021 6:44 PM
>> > To: nanog@nanog.org
>> > Subject: CenturyLink Fiber Latency Issues (Seattle, WA)
>> >
>> > Hi NANOG Mailing List,
>> >
>> > I don't know if any of you work at CenturyLink/Lumen, much less on
>> > their Fiber network in Seattle, WA. However, here's my story.
>> >
>> > If I attempt to run certain applications that use 1000, or 1 TCP
>> > connections, I get latency spikes. It is based on how many connections,
>> > but also how much bandwidth is used. This means certain things like Tor
>> > relays are off limits to me (which I wish to run).
>> >
>> > On an idle connection, the PingPlotter outputs look like this:
>> > https://centurylinklatencyissues.com/image-000.png
>> >
>> > If I attempt to run BitTorrent with 1000 connections in Deluge,
>> > PingPlotter looks like this:
>> > https://centurylinklatencyissues.com/image-002.png
>> >
>> > Getting support, or even executive contacts to admit the issue hasn't
>> > worked. They all love to blame my equipment or applications, when CL
>> > routers also show the issue when I run the same things whereas my same
>> > exact OPNsense box on Google Fiber Webpass running Tor at another address
>> > had no issues whatsoever, and I can ping other Tor relays on CenturyLink
>> > AS209 just fine (from a VPS).
>> >
>> > The most competent person I dealt with was actually one tech. He told
>> > me there was "capacity issues" in our neighborhood, and that's the reason
>> > for the issues. However, nothing was done about it afterwards, I'm guessing
>> > since I turned off my Tor relay after the visit to avoid complaints
>> > from family members.
>> >
>> > On an AT&T forum, people have said GPON gives latency spikes/packet
>> > loss on congestion:
>> > https://www.dslreports.com/forum/r33242889-How-rare-is-GPON-XGSPON-saturation
>> >
>> > The capacity managers in Seattle are literally dragging their feet:
>> > it's 100x worse than AT&T's 802.1X. I know AT&T and CenturyLink don't
>> > compete, but if I had to choose between AT&T Fiber and CenturyLink, I'll
>> > take AT&T in a heartbeat, no ifs, no buts, even if I have to use AT&T's
>> > crappy router instead of my OPNsense box.
>> >
>> > Going back, can any of you who work at CenturyLink/Lumen get me to
>> > the right people, hopefully the capacity managers in Seattle?
>> >
>> > I could go with Comcast, but it's either (a) 35 Mbps uploads or (b)
>> > $329/mo for "Gigabit Pro" with a 2-year contract and a steep install fee.
>> > I am seriously considering Gigabit Pro even if it breaks the bank, but hope
>> > I won't have to go there.
>> >
>> > I don't need 2 Gbps and would rather pay $65 than $329. 300-500 Mbps
>> > uploads when I need it is the sweet spot for me (even without Tor) which CL
>> > GPON should easily handle without a sweat. I also don't exactly
>> > **trust** Comcast, they're a horrible company in many metrics, but in
>> > some ways Comcast is more competent than CenturyLink.
>> >
>> > Best,
>> >
>> > Neel Chauhan
>>
>


Re: Comcast? Layer2 / ELAN

2021-10-29 Thread TJ Trout
I would request an on-site rfc test that should clear things up quickly

On Fri, Oct 29, 2021 at 11:17 AM Joe Carroll  wrote:

> Greetings Fellow Nanog'ers
>
> Are there any Comcast engineers in the group that could help to sort out a
> 10GB layer2 ELAN issue in Florida?
>
> We are short of cancelling this circuit that has been in for a couple of
> days.
>
> We cannot pass above 1GB on this circuit...  10GB SFPs on both ends, 10GB
> price, 1GB service...   the team refuses to investigate, dispatch, or
> otherwise act in any way that is customer oriented.
>
> Regards,
> -Joe
>


Re: AT&T Ethernet sales contact

2021-09-09 Thread TJ Trout
FYI, there are 3 main ways to buy AT&T: direct retail, through an agent, and
through a carrier with an att wholesale agreement.

If you're looking for DIA, that is price fixed no matter the sales channel,
but transport is a fish market... We have sold circuits to customers at
over 50% less than retail quotes, so make sure to do your due diligence.

TJ Trout
Volt Broadband

On Thu, Sep 9, 2021, 1:21 PM Brandon Martin 
wrote:

> Can anyone provide a sales contact at AT&T for Ethernet transport in
> Indiana/Illinois/Ohio?
>
> Unicast replies welcome.
>
> --
> Brandon Martin
>


Re: AT&T Fiber Line / NOT MIS

2021-06-10 Thread TJ Trout
Yeah not going to happen on U-verse

On Thu, Jun 10, 2021 at 11:32 AM Dennis Burgess 
wrote:

> Guess their broadband stuff☹
>
>
>
>
>
>
> *Dennis Burgess*
>
>
> Author of "Learn RouterOS- Second Edition”
>
> *Link Technologies, Inc* -- Mikrotik & WISP Support Services
>
> *Office*: 314-735-0270  Website: http://www.linktechs.net
>
> Create Wireless Coverage’s with www.towercoverage.com
>
> Need MikroTik Cloud Management: https://cloud.linktechs.net
>
>
>
> *From:* TJ Trout 
> *Sent:* Thursday, June 10, 2021 1:12 PM
> *To:* Dennis Burgess 
> *Cc:* nanog@nanog.org
> *Subject:* Re: AT&T Fiber Line / NOT MIS
>
>
>
> Call back, I don't think that's accurate. What is the specific product?
>
>
>
> On Thu, Jun 10, 2021 at 7:25 AM Dennis Burgess 
> wrote:
>
> I have an ATT fiber line for a customer that has a 300/300 circuit, but it's
> not a MIS; they are telling me we cannot route a /26 (they have allocated)
> to my device behind it.  ☹  Any options?
>
>
>
>
>
> *Dennis Burgess*
>
>
> * Mikrotik : **Trainer, Network Associate, Routing Engineer, Wireless
> Engineer, Traffic Control Engineer, Inter-Networking Engineer, Security
> Engineer, Enterprise Wireless Engineer*
>
> *Hurricane Electric: **IPv6 Sage Level*
>
> *Cambium: **ePMP*
>
>
>
> Author of "Learn RouterOS- Second Edition”
>
> *Link Technologies, Inc* -- Mikrotik & WISP Support Services
>
> *Office*: 314-735-0270  Website: http://www.linktechs.net
>
> Create Wireless Coverage’s with www.towercoverage.com
>
> Need MikroTik Cloud Management: https://cloud.linktechs.net
>
>
>
>
>


Re: AT&T Fiber Line / NOT MIS

2021-06-10 Thread TJ Trout
Call back, I don't think that's accurate. What is the specific product?

On Thu, Jun 10, 2021 at 7:25 AM Dennis Burgess 
wrote:

> I have an ATT fiber line for a customer that has a 300/300 circuit, but it's
> not a MIS; they are telling me we cannot route a /26 (they have allocated)
> to my device behind it.  ☹  Any options?
>
>
>
>
>
>
> *Dennis Burgess*
>
>
> * Mikrotik : **Trainer, Network Associate, Routing Engineer, Wireless
> Engineer, Traffic Control Engineer, Inter-Networking Engineer, Security
> Engineer, Enterprise Wireless Engineer*
>
> *Hurricane Electric: **IPv6 Sage Level*
>
> *Cambium: **ePMP*
>
>
>
> Author of "Learn RouterOS- Second Edition”
>
> *Link Technologies, Inc* -- Mikrotik & WISP Support Services
>
> *Office*: 314-735-0270  Website: http://www.linktechs.net
>
> Create Wireless Coverage’s with www.towercoverage.com
>
> Need MikroTik Cloud Management: https://cloud.linktechs.net
>
>
>
>


Re: Arin taking down raking

2021-06-03 Thread TJ Trout
raking=rpki+spell check

On Thu, Jun 3, 2021, 1:32 PM Christopher Morrow 
wrote:

> what is raking?
>
> On Thu, Jun 3, 2021 at 3:29 PM John Alcock  wrote:
>
>> This looks special?
>>
>>
>> https://www.bleepingcomputer.com/news/security/arin-will-take-down-its-rpki-for-30-minutes-to-test-your-bgp-routes/
>>
>


Re: Trouble Playing Multiplayer Games from Reallocated IP Space

2021-03-03 Thread TJ Trout
check the brothers wisp geoip page

On Wed, Mar 3, 2021 at 7:40 AM Tim Nowaczyk 
wrote:

> Hey NANOG,
>
> We have seen an issue where our customers who have IP addresses that are
> directly allocated to us can play online multiplayer games (NBA2k, NBA2k21,
> Fallout 76, and Stardew Valley were mentioned specifically) but when they
> have an IP that was reallocated to us by one of our Upstreams (Server
> Central), these games no longer work. I know NBA2k is behind Prolexic, but
> not sure about the others. 2k Games says that we, the ISP, must be blocking
> something, but there’s absolutely no difference in how data moves from our
> internet edge to the customer whether they have one of our IPs or one of
> the reallocated ones. We noticed that one geocoding provider has our
> reallocated IPs flagged as “hosting” IPs and maybe 2k is using some
> metadata like that to block our IPs.
>
> Does anyone have a contact at Prolexic who might be able to help?
>
> Thanks,
> Tim Nowaczyk
>
> --
> *Timothy Nowaczyk*  |  *Senior Network Manager*
> *office*  703.554.6622  | * mobile*  571.318.9434
>
>


Re: Google Fiber abuse address does not exist

2021-02-18 Thread TJ Trout
Did you try opening a ticket with arin?

On Thu, Feb 18, 2021 at 2:00 PM Chris Boyd  wrote:

> Can someone at ARIN tell them they need to fix this?
>
> From whois 136.32.164.64:
> OrgAbuseHandle: GFA32-ARIN
> OrgAbuseName:   Google Fiber Abuse
> OrgAbusePhone:  +1-650-253-
> OrgAbuseEmail:  ab...@googlefiber.net
> OrgAbuseRef:https://rdap.arin.net/registry/entity/GFA32-ARIN
>
> Email response:
>   - The following addresses had permanent fatal errors -
> 
>(reason: 550-5.1.1 The email account that you tried to reach does not
> exist. Please try)
>
>   - Transcript of session follows -
> ... while talking to gmr-smtp-in.l.google.com.:
> >>> DATA
> <<< 550-5.1.1 The email account that you tried to reach does not exist.
> Please try
> <<< 550-5.1.1 double-checking the recipient's email address for typos or
> <<< 550-5.1.1 unnecessary spaces. Learn more at
> <<< 550 5.1.1  https://support.google.com/mail/?p=NoSuchUser
> kk5si203161pjb.1 - gsmtp
> 550 5.1.1 ... User unknown
> <<< 503 5.5.1 RCPT first. kk5si203161pjb.1 - gsmtp
> Reporting-MTA: dns; lenny.gizmopartners.com
> Received-From-MTA: DNS; 136-49-160-191.googlefiber.net
> Arrival-Date: Thu, 18 Feb 2021 21:52:38 GMT
>
> Final-Recipient: RFC822; ab...@googlefiber.net
> Action: failed
> Status: 5.1.1
> Remote-MTA: DNS; gmr-smtp-in.l.google.com
> Diagnostic-Code: SMTP; 550-5.1.1 The email account that you tried to reach
> does not exist. Please try
> Last-Attempt-Date: Thu, 18 Feb 2021 21:52:39 GMT
>
>


Re: Suspicious IP reporting

2021-02-04 Thread TJ Trout
This seems like a highly suspect request coming from a North American
network operator...?


On Thu, Feb 4, 2021 at 10:23 AM JoeSox  wrote:

>
> This IP is hitting devices on cellular networks for the past day or so.
>   https://www.abuseipdb.com/whois/79.124.62.86
> I think this is the info to report it to the ISP.  Any help or if everyone
> can report it, I would be a happy camper.
>
> ab...@4cloud.mobi; ab...@fiberinternet.bg
>
> https://en.asytech.cn/check-ip/79.124.62.25#gsc.tab=0
>
> --
> Thank You,
> Joe
>


Re: A letter from the CEO

2020-11-20 Thread TJ Trout
When I saw the 'lady ben cannon' I thought we were about to be the lucky
recipient of a large sum of money left by a prince, I'm fairly disappointed
now.

On Fri, Nov 20, 2020 at 3:09 PM Aaron C. de Bruyn via NANOG 
wrote:

> > high speed, safe, secure global fiber connectivity
>
> More importantly, can someone tell me what 'safe global fiber
> connectivity' is?  As opposed to 'unsafe global fiber connectivity'?
>
> Do these guys have the market cornered on not string fiber optic cable at
> throat-level across roads or something?
>
> Freaking marketing droids.
>
> -A
>
> On Fri, Nov 20, 2020 at 2:25 PM Josh Luthman 
> wrote:
>
>> Got this message to me directly as well as through the list.
>>
>> @6x7 this list is *NOT* to be scraped for email addresses for your
>> marketing purposes.  This is complete garbage.  I'll be sending a message
>> directly to k...@6by7.net as well.
>>
>> Josh Luthman
>> 24/7 Help Desk: 937-552-2340
>> Direct: 937-552-2343
>> 1100 Wayne St
>> Suite 1337
>> Troy, OH 45373
>>
>>
>> On Fri, Nov 20, 2020 at 5:19 PM 6x7 Networks - Lady Benjamin, CEO <
>> b...@6by7.net> wrote:
>>
>>>
>>>
>>> *A letter from the CEO of 6x7: 6x7 Networks and Communications Authority
>>> of Kenya announce type approval to import 8tbps/second internet routers.*
>>>
>>> Hi, Lady Benjamin from 6x7 here, and I'm proud to share with you an
>>> update on me and the company.
>>>
>>> Through our adjunct division, 6x7 just received type approval from the
>>> Kenyan government to import core routers capable of over 8tbps (8 terabits
>>> per second).  This will enable us to enter the Kenyan IP transit and
>>> transport markets, and service both datacenter and soon office buildings
>>> and eventually residences with high speed, safe, secure global fiber
>>> connectivity.   The market in Kenya is severely impacted now due to limited
>>> fiber availability, and 6x7 will leverage its undersea connections to
>>> bring more wholesale bandwidth into the area, creating the economy by which
>>> we expect to grow.
>>> Thanks for reading, I'll be doing a regular set of these newsletters,
>>> and if you like them or want to reach out, please contact us at
>>> k...@6by7.net!
>>> -LB
>>> Ms. Lady Benjamin Cannon, ASCE.
>>> *Copyright © 2020 6x7 Networks, LLC, All rights reserved.*
>>> You are receiving this email because you opted in via our website.
>>>
>>> *Our mailing address is:*
>>> 6x7 Networks, LLC
>>> 44 montgomery st
>>> suite 2310
>>> San Francisco, CA 94104
>>>
>>


Re: ARIN hosted RPKI key rotation

2020-11-20 Thread TJ Trout
I believe it's manual, ten years and you need to update the roa.

On Fri, Nov 20, 2020, 6:55 AM Ca By  wrote:

> Hello folks,
>
> I use ARIN hosted RPKI to publish ROAs
>
> The ROAs have an expire date
>
> How do i rotate the cert to push out the expiration date?  Does ARIN do
> this for me?
>
> Thanks!
>


Re: Incorrect GeoIP filtering of 185.83.72.0/22

2020-10-30 Thread TJ Trout
http://thebrotherswisp.com/index.php/geo-and-vpn/

If you find anything not on our list let me know

On Fri, Oct 30, 2020, 6:38 PM Adam Pavlidis  wrote:

> Hello,
>
> We are reaching out to NANOG since the following issue is mostly observed
> in US-based service providers.
>
> We are advertising the prefix *185.83.72.0/22 *,
> that seems to be blocked by various popular US-based services, thus our
> customers originating from this prefix have trouble reaching such services.
> Indicatively:
>
> Atlassian (AMAZON), Adobe (AKAMAI) .
>
> To the best of our understanding, the blocking is enforced due to US / EU
> sanctions against Iran. The prefix was purchased by us - Lamda Hellix SA (
> *AS56910* based in *GREECE, EUROPE* ) - approximately 8 months ago.
>
> We followed the necessary process as instructed by RIPE for changing the
> ownership of the prefix.
>
> Therefore, we kindly ask those of you that use/maintain/operate GeoIP
> databases to update your records.
>
> Most importantly, we would be grateful if you could share with us (
> n...@lamdahellix.com) which Geo databases are mainly used in the US for
> this purpose.
>
> Kind regards,
>
> Adam Pavlidis
>


Re: Asus wifi AP re-writing DNS packets

2020-10-28 Thread TJ Trout
Have you tried disabling the 'redirect when wan down' feature? I'm guessing
they hijack the dns to redirect the user to a captive portal "your internet
is down" error page possibly?

On Wed, Oct 28, 2020 at 1:42 PM Anurag Bhatia  wrote:

> I tried deleting the rule and it drops the traffic completely. So DNS
> resolution stops working and I am unsure why. It's not like default drop or
> anything. I can edit the rule and whatever active port 53 related rule is
> there works. But I want case of no such rule at all. :-)
>
>
> I setup pihole on Intel NUC little while ago and all Pihole gets is 100%
> of wifi client traffic behind Asus wifi management IP. :-\
>
>
> Plus no matter what DNS I put, queries goes via whatever router gave up
> when Asus booted up.
>
>
> Here's how creepy it gets:
>
> On Raspberry Pi (which is not behind Asus AP but a different switch)
>
> anurag@raspberrypi:~ $ dig whoami.akamai.com @1.1.1.1 a +short
> whoami.akamai.net.
> 162.158.226.218
> anurag@raspberrypi:~ $ dig whoami.akamai.com @8.8.8.8 a +short
> whoami.akamai.net.
> 172.253.244.3
> anurag@raspberrypi:~ $ dig whoami.akamai.com @9.9.9.9 a +short
> whoami.akamai.net.
> 103.224.242.10
> anurag@raspberrypi:~ $
>
> All normal and good.
>
>
>
> Now, from the device (which is behind Asus AP):
>
>  ~> dig whoami.akamai.net @1.1.1.1 a +short
> 172.217.34.65
>
> ~> dig whoami.akamai.net @8.8.8.8 a +short
> 172.217.34.65
>
> ~> dig whoami.akamai.net @9.9.9.9 a +short
> 172.217.34.65
>
> dig whoami.akamai.net @1.2.3.4 a +short
> 172.217.34.65
>
> dig whoami.akamai.net @5.6.7.8 a +short
> 172.217.34.65
>
>
> Essentially Asus picked 8.8.8.8 because I put that during the test and
> rebooted the AP. I will stick with 8.8.8.8 until DHCP lease expires and the
> new server is provided.
>
>
> On Thu, Oct 29, 2020 at 2:01 AM Neil Hanlon  wrote:
>
>> And if so, can you set up your own service to remove their iptables rule
>> after it's been added or otherwise counteract it.
>>
>> At least temporarily, anyways.
>>
>> -Neil
>>
>> On Wed, Oct 28, 2020 at 4:26 PM Ryan Hamel  wrote:
>>
>>> I'm curious to know why they would add such a thing, and how you got the
>>> iptables rules from the device. Do these Asus routers provide SSH directly
>>> into the shell?
>>>
>>> Ryan
>>> On Oct 28 2020, at 11:33 am, Anurag Bhatia  wrote:
>>>
>>> Hello,
>>>
>>> Wondering anyone from Asus here or anyone who could connect me to the
>>> developers there?
>>>
>>> Using Asus RT-AC58U in Access Point(AP) mode and expect it to simply
>>> bridge wired with wireless but seems like it's re-writing DNS packets
>>> source as well as the destination.
>>>
>>>
>>>    1. DNS port 53 traffic going out, the source is re-written with the
>>>    management IP of the AP on the LAN. So virtually all DNS traffic hits the
>>>    router from the (management) IP of the Asus AP instead of real clients.
>>>
>>>    2. If I define DNS as x.x.x.x on DHCP, the Asus AP picks that up and
>>>    re-writes destination to x.x.x.x and hence even if any client uses y.y.y.y,
>>>    the packets are simply re-written.
>>>
>>>
>>> I see the rule in iptables on Asus AP. All these issues give an idea
>>> that someone created AP mode (besides regular routing mode) and missed to
>>> disable the DNS related NATing features in the AP mode. So far my
>>> discussions with their support have been going quite slow and would greatly
>>> appreciate if someone could connect me to right folks in there so they can
>>> release a firmware fix for it.
>>>
>>>
>>>
>>> Thanks.
>>>
>>> --
>>> Anurag Bhatia
>>> anuragbhatia.com
>>>
>>>
>
> --
> Anurag Bhatia
> anuragbhatia.com
>
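
The comparison made by eye in the quoted dig sessions above can be automated. This is an added example, not part of the thread: it parses the two pasted sessions and flags interception; the function names and the assumption that 1.2.3.4 and 5.6.7.8 do not run a DNS service are assumptions of this example.

```python
"""Detect transparent DNS interception from pasted `dig ... +short` sessions."""
import ipaddress
import re

DIG_CMD = re.compile(r"\bdig\s+\S+\s+@(?P<server>\S+)")

# Assumption of this example: these addresses are not expected to answer DNS.
CANARIES = frozenset({"1.2.3.4", "5.6.7.8"})

# Both transcripts are copied from the dig sessions quoted in the message above.
CONTROL_TRANSCRIPT = """\
anurag@raspberrypi:~ $ dig whoami.akamai.com @1.1.1.1 a +short
whoami.akamai.net.
162.158.226.218
anurag@raspberrypi:~ $ dig whoami.akamai.com @8.8.8.8 a +short
whoami.akamai.net.
172.253.244.3
anurag@raspberrypi:~ $ dig whoami.akamai.com @9.9.9.9 a +short
whoami.akamai.net.
103.224.242.10
anurag@raspberrypi:~ $
"""

AP_TRANSCRIPT = """\
 ~> dig whoami.akamai.net @1.1.1.1 a +short
172.217.34.65
~> dig whoami.akamai.net @8.8.8.8 a +short
172.217.34.65
~> dig whoami.akamai.net @9.9.9.9 a +short
172.217.34.65
dig whoami.akamai.net @1.2.3.4 a +short
172.217.34.65
dig whoami.akamai.net @5.6.7.8 a +short
172.217.34.65
"""


def parse_dig_transcript(text):
    """Map each '@server' in a pasted session to the A records it returned."""
    results = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = DIG_CMD.search(line)
        if match:
            current = match.group("server")
            results.setdefault(current, [])
            continue
        if current is None or not line:
            continue
        try:
            results[current].append(str(ipaddress.ip_address(line)))
        except ValueError:
            pass  # CNAME target, bare shell prompt, or other noise
    return results


def assess(results, canaries=CANARIES):
    """Return a list of (code, detail) findings; an empty list means no sign of rewriting.

    whoami.akamai.net answers with the address of the recursive resolver that
    actually reached Akamai, so it reveals where a query really went.
    """
    findings = []

    # Signal 1: an address that should not answer DNS at all returned a reply,
    # so something on the path answered on its behalf.
    answered = sorted(s for s in canaries if results.get(s))
    if answered:
        findings.append(("canary-answered", ", ".join(answered)))

    # Signal 2: different resolver operators all report the same egress
    # address, so every query was really handled by one upstream resolver.
    real = {s: a[0] for s, a in results.items() if a and s not in canaries}
    if len(real) >= 2 and len(set(real.values())) == 1:
        egress = next(iter(real.values()))
        findings.append(("single-egress", f"{sorted(real)} all resolved via {egress}"))

    return findings


if __name__ == "__main__":
    for name, text in (("control", CONTROL_TRANSCRIPT), ("behind AP", AP_TRANSCRIPT)):
        found = assess(parse_dig_transcript(text))
        print(name, "->", found or "no interception indicators")
```
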


Re: FCC FUSF charges clarification

2020-10-14 Thread TJ Trout
You shouldn't be getting USF recovery charges if you aren't utilizing
interstate services from said carrier, although all carriers will try to
collect these recovery charges even though a fraction of them actually pay
this forward into USF fund! IP Transit is exempt per ITNA/ITFA as well as
any waves/private lines etc so long as they aren't interstate, even then it
can be exempt (i think) as long as it carries IP traffic.

On Wed, Oct 14, 2020 at 2:35 PM Nuno Vieira via NANOG 
wrote:

> re.
>
> actually it is more than 20%... (i miscalculated stuff)
>
> On the IPT part is 6%; on the wavelength part is 48,2%.
>
> anyone out there that can point some light on this ?
>
> Or all the other carriers are wrong ? :)
>
> On Wed, 2020-10-14 at 22:14 +0100, Nuno Vieira via NANOG wrote:
> > Hello All,
> >
> > Need some help/insight from you guys on this:
> >
> > Company A is an incorporated in Europe, where it main business is,
> > however it has some pops within USA.
> >
> > Company A uses services from several companies within USA. (carrier
> > H,
> > C, Z, G, L, etc..)  all in the United States to remotely connect his
> > stuff.
> >
> > All companies charge company A the agreed fees, except company Z.
> >
> > Company A has two services with company Z.
> >
> > One is IP Transit (in SFO, CA)
> > Other is a Metro Wavelength (also in SFO, CA)
> >
> > Company Z charges company A on top of agreed services:
> >
> > for IP Transit (other charges representing roughly 6%)
> >
> > for the wavelength (a lot of charges, such as the ones described
> > below)
> >
> > - FCC Regulatory Fee (wireline)
> > - Fed Universal Service Fund
> > - CA High Cost Fund A
> > - CA Teleconnect Fund
> > - CA TRS
> > - CASF
> > - Universal Lifeline Telephone Service Charge
> > - Utility Users Tax
> >
> > nevertheless company A DOES NOT have any "Telephone" services
> > or whatsoever in the USA.
> >
> > At the end of the day what was meant to be a fixed bill is in fact a
> > 20% higher one...
> >
> > So... my question IS:   Is an European company (or whatsoever foreign
> > wholesale company) WITHOUT ANY customers in USA liable to pay those
> > taxes to the carrier ?
> >
> > Thanks for all you help.
> >
> > /Nuno
> >
> >
>
>


Re: Hurricane Electric AS6939

2020-10-13 Thread TJ Trout
sounds like he needs full routes..

On Tue, Oct 13, 2020 at 4:36 PM Ryan Hamel  wrote:

> You would get better peering from Equinix IX, which includes free HE IPv4
> Peering + IPv6 Transit
>
> Ryan
> On Oct 13 2020, at 4:29 pm, Aaron Gould  wrote:
>
> Do y’all like HE for Internet uplink? I’m thinking about using them for
> 100gig in Texas. It would be for my eyeballs ISP. We currently have
> Spectrum, Telia and Cogent.
>
> -Aaron
>
>


Re: Passive Wave Primer

2020-10-13 Thread TJ Trout
Thanks for the explanation, I always thought 'waves' were 'alien waves' I
guess, I thought you had to coordinate the channel and you used wdm optics,
I didn't realize they normally are provisioned with ethernet to a OTN then
get channelized, good info.

On Tue, Oct 13, 2020 at 11:36 AM Tony Wicks  wrote:

> An Alien wave comes in from an external source, for an example a customer
> has WDM optics in their kit. A normal wave the “customer” connects with a
> normal 10GE/100GE (or whatever is appropriate) and a line card on the OTN
> platform “grooms” that to the appropriate WDM channel.
>
>
>
> *From:* NANOG  *On Behalf Of *TJ
> Trout
> *Sent:* Wednesday, 14 October 2020 6:22 am
> *To:* James Jun 
> *Cc:* nanog 
> *Subject:* Re: Passive Wave Primer
>
>
>
> What is the difference between a normal wave and a alien wave?
>
>
>


Re: Passive Wave Primer

2020-10-13 Thread TJ Trout
What is the difference between a normal wave and a alien wave?

On Tue, Oct 13, 2020, 6:36 AM James Jun  wrote:

> On Tue, Oct 13, 2020 at 12:27:44PM +, Rod Beck wrote:
> > Dear Network Gurus,
> >
> > Looking for a tutorial on passive waves. How it works. Pros and cons. .
> >
>
> Essentially, you're providing a channel off of your DWDM filters for
> someone else to pass light.
>
> Commonly in the market, a "wavelength" product generally isn't a true
> wavelength, especially on long-haul segments.
> The 'wavelength' market really is an evolution of the old SONET market in
> some ways -- carriers will typically light a channel (either in fixed grid
> filter or flex grid) and that single channel is usually an X-gigabaud (e.g.
> 35-95Gbd) that uses coherent modulation on line side for say 200-800Gbps
> and multiplexing for tributary channels (such as TDM) on client side ports
> to break away a 100GE circuit for the customer end-user.
>
> As far as technicalities are concerned, most 'wavelength' products that
> behave as described above, ought to be called "dedicated circuits" or
> "circuit-switched transport" if we're anal about its operating principles.
>
> As for 'true' wavelength service, that brings us to your question:
>
> When you're talking about passive wave or 'alien wave', what you're doing
> is you're providing a wavelength frequency assignment on your photonic
> filter system (a channel on your 100 Ghz fixed grid DWDM filter, or
> bandwidth assignment window on your flex grid ROADM) to the customer, which
> would typically be another network provider, or a very clued enterprise
> customer that wants to run his own optical transport but can't justify the
> economics of full dark fiber over the said span, and doesn't need more than
> <=95Gbd max of modulation bandwidth.
>
> The customer would pass traffic similarly to how you yourself would light
> a channel, installing a coherent transponder for 200-800Gbps wave facing
> the line side, and breaking it out to Nx100GE for end-user traffic.
>
> James
>
>


Re: Is there *currently* a shortage of IPv4 addresses?

2020-08-04 Thread TJ Trout
Anne,

IPv4 has been depleted in ARIN region since ~2015, it's supply and demand.

On Tue, Aug 4, 2020 at 12:36 PM Anne P. Mitchell, Esq. 
wrote:

> I know that a shortage of IPv4 addresses has been anticipated for quite
> some time (literally decades), however, is there a shortage *right now*?
>
> I ask, because Liquid Web is using it as an excuse to raise their prices:
>
> "We're contacting you today to inform you of a change to your account. As
> you may know, the global shortage of IPv4 addresses (
> https://www.ripe.net/manage-ips-and-asns/ipv4/ipv4-run-out) continues to
> impact web hosting companies around the world. ... Effective August 31st,
> we will be updating our per IPv4 address price to $2.00 per IP."
>
> Anne
>
> --
> Anne P. Mitchell,  Attorney at Law
> Dean of Cyberlaw & Cybersecurity, Lincoln Law School
> CEO, SuretyMail Email Reputation Certification
> Author: Section 6 of the CAN-SPAM Act of 2003 (the Federal anti-spam law)
> Board of Directors, Denver Internet Exchange
> Chair Emeritus, Asilomar Microcomputer Workshop
> Former Counsel: Mail Abuse Prevention System (MAPS)
>
>


Re: Network card with relay in case of power failure

2020-06-17 Thread TJ Trout
'network bypass adapter' seems to yield results on eBay.

On Wed, Jun 17, 2020 at 2:15 PM Yang Yu  wrote:

> something like
> https://www.chelsio.com/wp-content/uploads/2012/02/B420-021412.pdf
> ?
>
> On Wed, Jun 17, 2020 at 1:16 PM Dovid Bender  wrote:
> >
> > Hi,
> >
> > I am sorry if this is off topic. I was once demoed a network device that
> had two interfaces. The traffic would go through the device. If there was a
> power cut or some other malfunction there would be a relay that would
> physically bridge the two network interfaces so the traffic would flow as
> if it was just a network cable. Is anyone aware of such a network card or
> device?
> >
> > TIA.
> >
> >
>


Re: Network card with relay in case of power failure

2020-06-17 Thread TJ Trout
check with lannerinc, they sell x86 devices with this bypass function

On Wed, Jun 17, 2020 at 1:15 PM Dovid Bender  wrote:

> Hi,
>
> I am sorry if this is off topic. I was once demoed a network device that
> had two interfaces. The traffic would go through the device. If there was a
> power cut or some other malfunction there would be a relay that would
> physically bridge the two network interfaces so the traffic would flow as
> if it was just a network cable. Is anyone aware of such a network card or
> device?
>
> TIA.
>
>
>


Re: Hurricane Electric has reached 0 RPKI INVALIDs in our routing table

2020-06-15 Thread TJ Trout
absolutely awesome Mike!

Can you put on the roadmap to enable irr based filters for customers with
bgp communities?

On Mon, Jun 15, 2020 at 9:48 PM Mike Leber via NANOG 
wrote:

> I'm pleased to announce Hurricane Electric has completed our RPKI
> INVALID filtering project and we now have 0 RPKI INVALIDs in our routing
> table.
>
> Hurricane Electric has 29021 BGP sessions with 22109 prefix filters with
> 7191 networks directly and 8239 networks including Internet exchanges.
>
> We filter all BGP sessions using prefix filters based on IRR and RPKI.
>
> These prefix filters are updated automatically both through a system of
> daily updates and real time updates to prevent RPKI INVALID routes from
> being carried in our routing table.
>
>


Re: Outsourced NOC Solutions

2020-06-08 Thread TJ Trout
stop being a disrespectful little prick.

On Mon, Jun 8, 2020 at 4:52 PM Miles Fidelman 
wrote:

> *Rod Beck* rod.beck at unitedcablecompany.com wrote
>
> I would calm down, Miles.  Dark fiber networks are built and usually 
> maintained by the same construction company that installed them. And a dark 
> fiber network does not even need a single full time optical engineer. If the 
> cable is damaged, then the guys who installed it will repair it. All the 
> expertise is there.
>
> And no, I am not an executive at a undersea cable system. i was one of 
> Hibernia Atlantic's top salesmen during the early years from 2004-2011 after 
> which I retired.
>
>
> Funny thing then, given that you signed your original query as:
>
> Roderick Beck
> VP of Business Development
> United Cable Company
> www.unitedcablecompany.com
>
> And following the link to United Cable Company's web site reveals:
>
> "Your source for the world's most distinctive submarine cable assets."
> And the about page says "Its mission, as a leading telecom consulting
> company, is to represent the world’s most distinctive submarine and
> terrestrial cable assets."
>
> Your original query asked:
>
> Am I wrong in believing that there should be a way of lighting a single pair 
> in the cable and then monitoring it for signal disruption? It is not a 
> perfect solution, but arguably better than learning that the cable has been 
> damaged from an irate customer.
>
> In a followup message you say:
>
> Just to clarify, this is a dark fiber network already built and will be 
> repaired by the construction company that built it. I just a system to inform 
> them as soon as the fibers are damaged.
>
> So... color me confused about who you are, who you represent, what you're
> trying to accomplish, what you're asking, and, perhaps, why you don't
> already know the answer to your question, or have someone internal to your
> organization who already knows.
>
> Miles Fidelman
>
> --
> In theory, there is no difference between theory and practice.
> In practice, there is.   Yogi Berra
>
> Theory is when you know everything but nothing works.
> Practice is when everything works but no one knows why.
> In our lab, theory and practice are combined:
> nothing works and no one knows why.  ... unknown
>
>


Re: Best way to get foreign ISPs to shut down DDoS reflectors?

2020-04-23 Thread TJ Trout
Bottiger,

If what you are saying is true and can be backed by documentation, I would
start at the abuse contact for the offending 'Amplifier' and then start
working your way up the transits of the offending AS# until someone cuts
them off.
The Squeaky wheel gets the grease!

On Thu, Apr 23, 2020 at 3:33 PM Bottiger  wrote:

> There are many decent options for ddos protection in the US and Europe,
> however there are very few in Brazil and Asia that support BGP. Servers and
> bandwidth in these areas are much more expensive.
>
> Even though we are already doing anycast to split up the ddos attack, a
> majority of the attack traffic is now ending up in these expensive areas,
> and to top it off, these ISPs won't respond to abuse emails.
>
> It makes me wonder what the point of these abuse email are and if the
> regional registries have any power to force them to reply.
>
> On Thu, Apr 23, 2020 at 3:12 PM Compton, Rich A 
> wrote:
>
>> Good luck with that. As Damian Menscher has presented at NANOG,
>> even if we do an amazing job and shut down 99% of all DDoS reflectors,
>> there will still be enough bandwidth to generate terabit size attacks.
>> https://stats.cybergreen.net
>>
>> I think we need to instead collectively focus on stopping the spoofed
>> traffic that allows these attacks to be generated in the first place.
>>
>> -Rich
>>
>>
>>
>> *From: *NANOG Email List  on behalf of Bottiger
>> 
>> *Date: *Thursday, April 23, 2020 at 3:32 PM
>> *To: *Siyuan Miao 
>> *Cc: *NANOG list 
>> *Subject: *Re: Best way to get foreign ISPs to shut down DDoS reflectors?
>>
>>
>>
>> We are unable to upgrade our bandwidth in those areas. There are no
>> providers within our budget there at the moment. Surely there must be some
>> way to get them to respond.
>>
>>
>>
>> On Thu, Apr 23, 2020 at 2:23 PM Siyuan Miao  wrote:
>>
>> It won't work.
>>
>>
>>
>> Get a good DDoS protection and forget about it.
>>
>>
>>
>> On Fri, Apr 24, 2020 at 5:17 AM Bottiger  wrote:
>>
>> Is there a guide on how to get foreign ISPs to shut down reflectors used
>> in DDoS attacks?
>>
>>
>>
>> I've tried sending emails listed under abuse contacts for their regional
>> registries. Either there is none listed, the email is full, email does not
>> exist, or they do not reply. Same results when sending to whatever other
>> email they have listed.
>>
>>
>>
>> Example Networks:
>>
>>
>>
>> CLARO S.A.
>>
>> Telefonica
>>
>> China Telecom
>>
>> Korea Telecom
>>
>>
>


Re: FYI - Suspension of Cogent access to ARIN Whois

2020-01-06 Thread TJ Trout
very interesting, so it will have quite a bit of collateral impact on
innocent cogent customers? I like this, because merely removing cogents
access probably wouldn't sway them much.

On Mon, Jan 6, 2020 at 8:30 PM John Curran  wrote:

> ARIN has suspended service for all Cogent-registered IP address blocks.
> Customers with their own IP blocks that are simply being announced
> by Cogent are not affected.
>
> /John
>
> John Curran
> President and CEO
> American Registry for Internet Numbers
>
>
> On Jan 6, 2020, at 9:44 PM, Ross Tajvar  wrote:
>
> 
> Yeah this raises a great point - I'm curious how ARIN is differentiating
> between Cogent and Cogent's customers when monitoring for prohibited access.
> Particularly those customers whose IPs belong to and are announced by
> Cogent.
>
> On Mon, Jan 6, 2020, 10:38 PM Martin Hannigan  wrote:
>
>>
>> — shifting a side thread
>>
>>
>> John,
>>
>> I have no stake in this, so far, but I have a few questions.
>>
>> Can you define exactly what services have been blocked? IRR/ROA/TLA
>> registry updates, etc? Were they blocked ^174 or 174$? This is a precedent
>> AFAIK. I’d like to understand consequences. In case I decide to attend
>> Dave’s sales training? :-)
>>
>> Cheers,
>>
>> -M<
>>
>>
>>
>> On Mon, Jan 6, 2020 at 10:45 John Curran  wrote:
>>
>>> On 22 Sep 2019, at 8:52 AM, Tim Burke  wrote:
>>>
>>>
>>> That is just The Cogent Way™, unfortunately. I just had (yet another)
>>> Cogent rep spam me using an email address that is _only_ used as an ARIN
>>> contact, trying to sell me bandwidth. When I called him out on it, with
>>> complia...@arin.net CCed, he backpedaled and claimed to obtain my
>>> information from Google.
>>>
>>>
>>> ARIN has repeatedly informed Cogent that their use of the ARIN Whois for
>>> solicitation is contrary to the terms of use and that they must stop.
>>> Despite ARIN’s multiple written demands to Cogent to cease these prohibited
>>> activities, ARIN has continued to receive complaints from registrants that
>>> Cogent continues to engage in these prohibited solicitation activities.
>>>
>>> For this reason, ARIN has suspended Cogent Communications’ use of
>>> ARIN’s Whois database effective today and continuing for a period of six
>>> months.  For additional details please refer to
>>> https://www.arin.net/vault/about_us/corp_docs/20200106_whois_tos_violation.pdf
>>> ARIN will restore Cogent’s access to the Whois database at an earlier
>>> time if Cogent meets certain conditions, including instructing its sales
>>> personnel not to engage in the prohibited solicitation activities.
>>>
>>> Given the otherwise general availability of ARIN Whois, it is quite
>>> possible that Cogent personnel may evade the suspension via various means
>>> and continue their solicitation.  If that does occur, please inform us (via
>>> complia...@arin.net), as ARIN is prepared to extend the suspension
>>> and/or bring appropriate legal action.
>>>
>>> FYI,
>>> /John
>>>
>>> John Curran
>>> President and CEO
>>> American Registry for Internet Numbers
>>>
>>>
>>>
>>>
>>>
>>>
>>>


Re: AT&T AS7018 - Filter Changes

2019-12-23 Thread TJ Trout
Did you try opening a ticket with express ticketing for a route change?
They normally handle them almost instantly every time I've ever added or
changed a prefix.

On Mon, Dec 23, 2019 at 2:00 PM James Breeden  wrote:

> Anyone here high enough in AT&T IP engineering that can grab a lifecycle
> ticket and make some filter changes on a BGP session? I’ve had a ticket
> open to make some transit filter adjustments for almost 4 days now and no
> updates and nobody seems to understand what RADB is….
>
>
>
> Feel free to hit me offlist.
>
>
>
>
>
> *James W. Breeden*
>
> *Managing Partner*
>
>
>
>
> *Arenal Group:* Arenal Consulting Group | Atheral | Ceteris Coin | Acilis
> Telecom | Pines Events and Media | BlueNinja
>
> Corporate: PO Box 1063 | Smithville, TX 78957
>
> Email: ja...@arenalgroup.co | office 512.360. | cell 512.304.0745 |
> www.arenalgroup.co
>
>
>


Re: Dallas Dark Fiber

2019-12-17 Thread TJ Trout
I think for submarine this might be useful, for anything else I wouldn't
even call Infrapedia even in an alpha testing stage.

On Tue, Dec 17, 2019, 5:24 PM Mehmet Akcin  wrote:

> There is a website for finding this... https://live.infrapedia.com lots
> of options windstream. Zayo, CC...
>
> On Tue, Dec 17, 2019 at 12:33 Ilissa Miller  wrote:
>
>> FiberLight is a strong player in TX and has a number of new builds
>> throughout Dallas and beyond.
>>
>> On Tue, Dec 17, 2019 at 3:26 PM JASON BOTHE via NANOG 
>> wrote:
>>
>>> Zayo, Consolidated and Crown Castle are my go-tos. They have the biggest
>>> footprints in the DFW market.
>>>
>>> J~
>>>
>>> On Dec 17, 2019, at 14:20, Rod Beck 
>>> wrote:
>>>
>>> 
>>> Hi,
>>>
>>> I want to understand the Dallas dark fiber market. Who are the major
>>> players? Who has done recent builds (2010 onward)? Who has 864 strand
>>> cables for sale? Who has dense coverage with good manhole access to
>>> buildings and utility structures?
>>>
>>> Thanks in advance.
>>>
>>> Regards,
>>>
>>> Roderick.
>>>
>>> Roderick Beck
>>> VP of Business Development
>>>
>>> United Cable Company
>>>
>>> www.unitedcablecompany.com
>>>
>>> New York City & Budapest
>>>
>>> rod.b...@unitedcablecompany.com
>>>
>>> 36-70-605-5144
>>>
>>>
>>>
>>>
>>
>> --
>> *Ilissa Miller*
>>
>> CEO, iMiller Public Relations
>>
>> President, NEDAS
>>
>> Founder, Independent Data Center Alliance
>>
>> Office:  (914) 315-6424
>>
>> Mobile: (917) 743-0931
>>
>> @iMillerPR | @ilissanyc
>>
>>
>>
>> iMiller Public Relations
>>
>> www.imillerpr.com
>>
>>
>> *NEDAS 2020 Sponsorships now available - ask me how you can get involved
>> educating and learning about the wireline and wireless convergence
>> underway.*
>>
> --
> Mehmet
> +1-424-298-1903
>


Re: Colo

2019-12-17 Thread TJ Trout
I'm looking for the same + Equinix in San Jose

On Tue, Dec 17, 2019, 7:31 AM Phil Lavin  wrote:

> I'm looking for someone of a sales persuasion who sells small volume Colo
> in Equinix LA1-LA4, SV1, SV5, SV10 and/or SG2. Can anyone who does this
> please contact me off list?
>
> Thank you :)
>


Re: Tower locations

2019-10-16 Thread TJ Trout
Most WISPs put up their own towers or install on grain mills etc.; a small
percent use commercial towers they pay rent on.

On Wed, Oct 16, 2019, 5:25 AM Aden Dragulescu  wrote:

> WISPs:
>
> From where do you find information on various tower locations, pricing,
> and available connectivity? More specifically, are you consulting directly
> with tower companies when searching for locations or is there someone/a
> service who provides this information more generally?
>
> Thanks.
>
> --
> *Aden Dragulescu*
> fiberdrop, LLC
> a...@fiberdrop.net
>


Re: ARIN Fantasy WHOIS: NET-216-179-183-0-1

2019-08-15 Thread TJ Trout
If it's legacy, there are no bills?

On Thu, Aug 15, 2019 at 7:54 PM Quan Zhou  wrote:

> I wonder whom ARIN has sent bills to.
>
> On 8/15/19 12:40 PM, Ronald F. Guilmette wrote:
> > As if to underscore the point I just tried to make about the fundamental
> > unreliability of ARIN WHOIS records, I just stumbled onto this rather
> > curious entity which was apparently given a sub-allocation of
> > 216.179.183.0/24 beneath the 216.179.128.0/17 (Azuki, Inc.) block as of
> > 2012-01-10:
> >
> > OrgName:        Rogers Communications Inc
> > OrgId:          RC-82
> > Address:        E 2nd St,Campbell
> > City:           Gillette
> > StateProv:      WY
> > PostalCode:     82716
> > Country:        US
> > RegDate:        2012-01-10
> > Updated:        2012-01-10
> > Ref:            https://rdap.arin.net/registry/entity/RC-82
> >
> > Other than the fact that it has an oddly similar name to one of Canada's
> > largest and most well-known Internet and cell phone companies, the only
> > other thing that's rather remarkable about it is that it was given the
> > 216.179.183.0/24 block, by Azuki, Inc. in 2012.  What's odd about that?
> > Well, only the fact that this *Wyoming* incarnation of Rogers Communications
> > had apparently already died and gone to Valhalla some 14 years earlier,
> > in 1998:
> >
> > https://wyobiz.wy.gov/Business/FilingDetails.aspx?eFNum=070023242004106130056183154143023082073130141117
> >
> > Moral of the story:  Don't ever let anybody tell you that ghosts... even
> > ghosts of long dead companies... aren't real or that they do not walk
> > among us.  Their immortal auras pervade the very ether we breathe.
> >
> > And they have their own IPs, apparently.
> >
> > But, you know, if your customers are getting hack attacks emanating from
> > 216.179.183.0/24... well... to quote the old Ghostbusters tag line "Who
> > you gonna call?"  (Hint:  Don't waste your time calling the number in the
> > WHOIS record.  It's just some bloody preschool.)
> >
> > Regards,
> > rfg
>


Re: Ookla geo IP data contact?

2019-08-08 Thread TJ Trout
How does one request Ookla to update their database to reflect the proper
whois owner of a netblock? The process must not be automated because these
netblocks have been under a new name for 3 to 5 years now.

On Thu, Aug 8, 2019, 11:02 AM Josh Luthman 
wrote:

> The name is from WHOIS records.  The location is from Maxmind.
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
>
> On Thu, Aug 8, 2019 at 1:36 PM TJ Trout  wrote:
>
>> Has anyone had success with getting Ookla / Maxmind to update subnets
>> whois data? I've submitted the correction request with Maxmind ten times
>> over the last 5 years and all of our resources still show the previous
>> allocation owner as the 'isp' when visiting speedtest.net
>>
>> Thanks
>>
>> TJ Trout
>> Volt Broadband
>>
>


Ookla geo IP data contact?

2019-08-08 Thread TJ Trout
Has anyone had success with getting Ookla / Maxmind to update subnets whois
data? I've submitted the correction request with Maxmind ten times over the
last 5 years and all of our resources still show the previous allocation
owner as the 'isp' when visiting speedtest.net

Thanks

TJ Trout
Volt Broadband


Re: Bgpmon alternatives?

2019-07-18 Thread TJ Trout
I also cannot find a way to subscribe to your hijack notifications?

On Wed, Jul 17, 2019, 10:45 PM Töma Gavrichenkov  wrote:

> On Thu, Jul 18, 2019 at 3:16 AM TJ Trout  wrote:
> > Anyone know of a hosted alternative to bgpmon? I'm testing
> > Qrator but I can't determine if it will notify in real-time of a
> > prefix hijack?
>
> Qrator guy there.
> Real-time notifications are there but are only available on a
> commercial basis, because basically real time is expensive to compute.
> The rest is free.
>
> --
> Töma
>


Re: Bgpmon alternatives?

2019-07-17 Thread TJ Trout
Anyone know of a hosted alternative to bgpmon? I'm testing Qrator but I
can't determine if it will notify in real-time of a prefix hijack?

On Sun, Jun 16, 2019 at 9:23 AM Matt Corallo  wrote:

> There's also https://github.com/NLNOG/bgpalerter (which I believe they're
> trying to turn into a website frontend based on RIS, but I run it with
> patches for as_path regexes and it works pretty well).
>
> On Jun 16, 2019, at 07:40, Michael Hallgren  wrote:
>
> RIS Live API is a choice for this.
>
> mh
> On 16 June 2019, at 13:21, Brian Kantor wrote:
>>
>> That would be wonderful.  Thank you!
>>  - Brian
>>
>>
>> On Sun, Jun 16, 2019 at 03:59:29AM -0700, Mike Leber wrote:
>>
>>>  I'm sure if it doesn't do exactly that already, we can add it shortly.
>>>
>>>  Some of planned functionality for hijack detection is already live.
>>>  That's one of the main reasons for creating this service.
>>>
>>>  Mike.
>>>
>>>  On 6/16/19 2:48 AM, Brian Kantor wrote:
>>>
>>>> On Sun, Jun 16, 2019 at 02:25:40AM -0700, Mike Leber wrote:
>>>>
>>>>> As a beta service you can try out rt-bgp.he.net.  This is a real time
>>>>> bgp monitoring service we are developing.
>>>>>
>>>> It's interesting, but I don't see any way to do what I primarily
>>>> use the existing BGPMon for: watch for hijacks.
>>>>
>>>> That is, set up one or more prefixes to be continuously monitored
>>>> and have the monitor send me an email alert when that prefix or a
>>>> subnet of it begins to be announced by someone new.
>>>>
>>>> For example, if I have told it to monitor 44.0.0.0/8 and someone
>>>> somewhere begins announcing it, or perhaps 44.1.0.0/16, I'd very
>>>> much like to know about that, along with details of who and where.
>>>>
>>>> Then if that announcement is authorized, I can tell the monitoring
>>>> service that this new entry is NOT a hijack, and it won't bug me
>>>> about it again.
>>>>
>>>> Can it be persuaded to do this?
>>>>  - Brian

>>>
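
The monitoring behaviour Brian Kantor describes in the quoted thread (watch a prefix, alert when it or a more-specific is announced by a new origin, then let the operator mark an announcement as authorized) can be sketched as follows. This is an added example, not code from any poster or from the tools named in the thread; the update records, peer addresses and AS numbers are constructed (documentation ranges), and only 44.0.0.0/8 and 44.1.0.0/16 come from the post.

```python
from __future__ import annotations

import ipaddress
from dataclasses import dataclass, field


@dataclass
class WatchedPrefix:
    network: ipaddress.IPv4Network | ipaddress.IPv6Network
    # (announced prefix, origin ASN) pairs the operator considers legitimate
    accepted: set = field(default_factory=set)
    # pairs already reported and still waiting for an operator decision
    alerted: set = field(default_factory=set)


class HijackMonitor:
    def __init__(self) -> None:
        self.watched: list[WatchedPrefix] = []

    def watch(self, prefix: str, origin_asn: int) -> None:
        """Start monitoring a prefix with its one known-good origin ASN."""
        net = ipaddress.ip_network(prefix)
        self.watched.append(WatchedPrefix(net, accepted={(net, origin_asn)}))

    def _covering(self, net):
        # Watched prefixes that equal or contain the announced prefix.
        return [w for w in self.watched
                if w.network.version == net.version and net.subnet_of(w.network)]

    def acknowledge(self, prefix: str, origin_asn: int) -> None:
        """Operator says: this announcement is NOT a hijack, stop alerting."""
        net = ipaddress.ip_network(prefix)
        for w in self._covering(net):
            w.accepted.add((net, origin_asn))
            w.alerted.discard((net, origin_asn))

    def process(self, update: dict) -> list[dict]:
        """update = {"peer": str, "prefix": str, "as_path": [int, ...]}"""
        path = update["as_path"]
        if not path:                      # nothing to attribute an origin to
            return []
        net = ipaddress.ip_network(update["prefix"])
        origin = path[-1]                 # origin AS is the last hop in the path
        alerts = []
        for w in self._covering(net):
            key = (net, origin)
            if key in w.accepted or key in w.alerted:
                continue                  # known-good, or already reported once
            w.alerted.add(key)
            alerts.append({
                "kind": "new-origin" if net == w.network else "sub-prefix",
                "watched": str(w.network),
                "announced": str(net),
                "origin_asn": origin,
                "as_path": path,
                "peer": update["peer"],
            })
        return alerts


# Constructed sample feed: ASNs 64496-64511 and 192.0.2.0/24 are documentation
# values, and AS64500 as the legitimate origin is an assumption for the demo.
SAMPLE_UPDATES = [
    {"peer": "192.0.2.1", "prefix": "44.0.0.0/8", "as_path": [64496, 64500]},
    {"peer": "192.0.2.1", "prefix": "44.1.0.0/16", "as_path": [64497, 64511]},
    {"peer": "192.0.2.2", "prefix": "44.1.0.0/16", "as_path": [64498, 64497, 64511]},
    {"peer": "192.0.2.2", "prefix": "44.0.0.0/8", "as_path": [64498, 64510]},
    {"peer": "192.0.2.1", "prefix": "198.51.100.0/24", "as_path": [64496, 64499]},
]


def run_sample() -> list[tuple]:
    mon = HijackMonitor()
    mon.watch("44.0.0.0/8", 64500)
    alerts = [a for u in SAMPLE_UPDATES for a in mon.process(u)]
    # The operator authorizes the /16 from AS64511; a different origin for the
    # same /16 must still raise an alert afterwards.
    mon.acknowledge("44.1.0.0/16", 64511)
    alerts += mon.process({"peer": "192.0.2.1", "prefix": "44.1.0.0/16",
                           "as_path": [64496, 64511]})
    alerts += mon.process({"peer": "192.0.2.1", "prefix": "44.1.0.0/16",
                           "as_path": [64496, 64509]})
    return [(a["kind"], a["announced"], a["origin_asn"]) for a in alerts]


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```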


Re: Anyone from AT&T/AS7018 available?

2019-06-26 Thread TJ Trout
And they aren't archived when you post to the list anyway?

On Wed, Jun 26, 2019, 3:31 PM Randy Bush  wrote:

> > um, blaring someone's personal email address to 10,000 people for a
> > work related thing?
>
> +20
>


Re: Anyone from AT&T/AS7018 available?

2019-06-26 Thread TJ Trout
try  Jay Borkenhagen 

On Wed, Jun 26, 2019 at 11:31 AM Christopher Rogers 
wrote:

> I'm a customer of 7018 and am currently struggling to get anyone to look
> at a bgp misconfiguration within 7018- it's like pissing into a hurricane.
> If anyone is available could you kindly ping me offlist?
>
> cheers
> -chris
>
>


Re: Birch/Primus/Fusion Network ASN integration?

2019-06-18 Thread TJ Trout
wrong fusion on peering db

On Mon, Jun 17, 2019 at 10:35 PM Eric Kuhnke  wrote:

> Hey all,
>
> I'm looking for any info that might be publicly available regarding
> intentions to merge the Primus ASN into Birch/Fusion Network, or whether it
> will remain its own thing.
>
> Primus acquired by Birch:
> https://primus.ca/index.php/bc_en/news-and-events/primus-news-birch-completes-purchase-of-primus-telecommunications-assets-in-canada/
>
> Birch acquired by Fusion:
> https://primus.ca/index.php/yt_en/news-and-events/primus-news-fusion-announces-closing-of-birch-acquisition/
>
> primus: https://www.peeringdb.com/net/2811
>
> fusion: https://www.peeringdb.com/net/4608
>


Re: Bgpmon alternatives?

2019-06-16 Thread TJ Trout
Thanks Mike

On Sun, Jun 16, 2019, 6:10 AM Vasileios Kotronis 
wrote:

> Hello,
>
> in case you would like to check out open-source projects
>
> you could try our community tool ARTEMIS
> https://github.com/FORTH-ICS-INSPIRE/artemis
>
> which uses RIS live and Routeviews feeds (as well as optionally local
> network feeds)
>
> to detect hijacks of different types (e.g., sub-prefix, fake
> origin/neighbor, etc.) in real-time.
>
> Best,
>
> Vasileios
>
> On 16/6/19 4:55 AM, TJ Trout wrote:
> > Any simple and easy bgpmon alternatives you guys could recommend?
> >
> >
> --
> ===
> Vasileios Kotronis
> Postdoctoral Researcher, member of the INSPIRE Group
> INSPIRE = INternet Security, Privacy, and Intelligence REsearch
> Telecommunications and Networks Lab (TNL)
> Foundation for Research and Technology - Hellas (FORTH)
> Leoforos Plastira 100, Heraklion 70013, Greece
> e-mail : vkotro...@ics.forth.gr
> url: http://inspire.edu.gr
> ===
>
>


Bgpmon alternatives?

2019-06-15 Thread TJ Trout
Any simple and easy bgpmon alternatives you guys could recommend?


Re: HE.NET Contact / Outage

2019-06-03 Thread TJ Trout
We use HE transit here in California from multiple pops for the last 7+
years and I can only think of one outage ever

On Mon, Jun 3, 2019 at 11:16 AM Dovid Bender  wrote:

> We had an issue in NY as well and they blamed a router in ASH as well. Our
> solution was to route away.
>
>
> On Mon, Jun 3, 2019 at 2:11 PM Jared Geiger  wrote:
>
>> We had a similar issue at 5AM Pacific time in Ashburn VA. They blamed it
>> on a software bug and disabled that feature.
>>
>> We had another outage at the same time a week before also. They blamed it
>> on a route table corruption that time.
>>
>> On Mon, Jun 3, 2019 at 10:06 AM David Deutsch 
>> wrote:
>>
>>> Hi Everyone,
>>>
>>> We experienced a pretty bad HE.NET outage on Friday,
>>> May 31st where fiber/BGP were up on our side out of LAX and our route
>>> advertisements were forwarded to public ASs; however packets stalled
>>> midway in the HE network.
>>>
>>> Urgent calls to their NOC escalating in the morning fell on deaf ears,
>>> with replies like "Senior techs aren't available until later in the day".
>>>
>>> Can anyone on the list from HE reach out to me directly on the issue
>>>
>>> Sincerely,
>>> David Deutsch
>>> Televergence CTO
>>> 646-502-4010
>>>
>>>


Re: My .sig (Was Re: Packetstream - how does this not violate just about every provider's ToS?)

2019-04-26 Thread TJ Trout
Your sig is fine, anyone who says otherwise needs to obtain gainful
employment to occupy more free time

On Fri, Apr 26, 2019 at 8:36 PM James R Cutler 
wrote:

> --- amitch...@isipp.com wrote:
> From: "Anne P. Mitchell, Esq." 
>
> [This .sig space open to suggestions.]
>
> Just to continue this clearly trivial discussion:
>
> I enjoy your signature. It always leaves no question regarding the posting
> identity.
>
> James R. Cutler
> james.cut...@consultant.com
> GPG keys: hkps://hkps.pool.sks-keyservers.net
>
>
>
>


Re: residential/smb internet access in 2019 - help?

2019-03-27 Thread TJ Trout
You are way out of line, and grouping a whole industry into your experience
with (probably) one hack

On Wed, Mar 27, 2019 at 12:28 PM Bryan Fields  wrote:

> On 3/27/19 7:50 AM, Mike Hammett wrote:
> > https://broadbandnow.com/Florida/Micanopy?zip=32667#
> >
> > You might want to try neighboring ZIP codes to see what other fixed
> > wireless providers might be convinced to expand.
> >
> > http://svic.net/wireless-broadband-north-florida/
>
> You really want to weigh what wireless can offer as many of the local players
> doing wireless lack the depth of network knowledge and are completely ignorant
> of what it takes to run an RF network.  I'd independently verify your circuits
> up-time if you decide to go with a wireless ISP.
>
> The other sad part is the PtMP wireless technology is likely slower than an
> LTE modem with external antenna.
>
> The WISP's had a great time circa 2005 or so, but now that the licensed
> players have surpassed what they can offer it's hard to justify the lower
> availability of the typical WISP vs. cost.
>
> --
> Bryan Fields
>
> 727-409-1194 - Voice
> http://bryanfields.net
>


Re: Comcast contact for wholesale ethernet/local loop

2019-03-05 Thread TJ Trout
Access to Comcast ethernet services on a wholesale level, interconnection
for NNI to use comcast as local access, etc

On Tue, Mar 5, 2019 at 9:01 PM Keith Christian 
wrote:

> TJ,
>
> What are you seeking, exactly?
>
> Keith
>
> On Tue, Mar 5, 2019 at 7:46 PM TJ Trout  wrote:
>
>> Does anyone know the name, or have contact information for the department
>> within Comcast that handles carriers looking to purchase local access, etc?
>>
>> Normally this would be the carrier or wholesale group, but either of
>> their websites seem to be aligned to the services we are looking for?
>>
>> Thank you,
>>
>> TJ Trout
>> EXPOHL LLC
>> AS62809
>>
>


Comcast contact for wholesale ethernet/local loop

2019-03-05 Thread TJ Trout
Does anyone know the name, or have contact information for the department
within Comcast that handles carriers looking to purchase local access, etc?

Normally this would be the carrier or wholesale group, but either of their
websites seem to be aligned to the services we are looking for?

Thank you,

TJ Trout
EXPOHL LLC
AS62809


Re: Initial ARIN IPv4 membership and resource request

2019-02-06 Thread TJ Trout
You do realize that there aren't any resources available to request right?

On Wed, Feb 6, 2019 at 12:54 PM Nathanael Catangay Cariaga <
ncari...@gmail.com> wrote:

> Dear NANOG, does someone here have a breakdown of the initial ARIN fees /
> cost assuming I'll be requesting an initial block of /22 IPv4 resource?
>
>
> Regards,
>
> -nathan
>


Re: Playstation/Sony Support

2018-09-15 Thread TJ Trout
snei-noc-abuse () am.sony.com

On Fri, Sep 14, 2018 at 3:39 PM, Matthew Kaufman  wrote:

> Every IP of mine that's banned is banned because of a hacked Mikrotik
> router. Despite keeping up with the numerous updates, it seems almost every
> one I own got hit in the last week.
>
> Matthew Kaufman
>
> On Fri, Sep 14, 2018 at 11:13 AM Dennis Burgess via NANOG 
> wrote:
>
>> I am looking for someone that can help me with a IP that appears banned
>> from the PS4 network.  If you are around, please hit me off-list :)
>>
>>
>>
>> Thanx,
>>
>>
>>
>>
>>
>> *Dennis Burgess, Mikrotik Certified Trainer *
>>
>> Author of "Learn RouterOS- Second Edition”
>>
>> *Link Technologies, Inc* -- Mikrotik & WISP Support Services
>>
>> *Office*: 314-735-0270  Website: http://www.linktechs.net
>>
>> Create Wireless Coverage’s with www.towercoverage.com
>>
>>
>>
>


Re: USB Ethernet Adapters

2018-05-14 Thread TJ Trout
https://www.amazon.com/gp/product/B00BBD7NFU/ref=oh_aui_search_detailpage?ie=UTF8=1

and

https://www.amazon.com/gp/product/B00X4S587K/ref=oh_aui_search_detailpage?ie=UTF8=1

have both been working great for me on windows ten using an xps 13

TJ

On Mon, May 14, 2018 at 10:45 AM, Colton Conor <colton.co...@gmail.com>
wrote:

> Our new laptops like most do not have an Ethernet adapter built in as they
> are too slim. What USB to Ethernet adapter do you recommend and why?
> Ideally it would be compatible with Windows 10, and have the ability to set
> speed, duplex and VLAN IDs if possible.
>


Re: Acquiring unused IP range. Some questions

2016-12-02 Thread TJ Trout
ARIN about a week. Just need a LOA for the block I think.

On Fri, Dec 2, 2016 at 2:43 PM, William McLendon  wrote:

> Hi everyone,
>
> we are about to acquire a block of IP’s from another organization that has
> unused space, and being fairly new to these procedures, I was hoping for
> some guidance.
>
> We have already been pre-approved by ARIN for the block size we are
> acquiring, and finalizing the deal with the current owner of the address
> space.  First question is, once they initiate the transfer request to
> transfer the IP range to us, how long does that typically take for ARIN to
> complete?
>
> Secondly, our relationship with the IP block owner is a very good one,
> such that I think they would be ok with us advertising this block before we
> technically own it.  My question is, what do they and we need to do to
> accomplish that in the proper way, so that the internet at large would
> accept the advertisement from a different ASN, and not view as some sort of
> hijacking, etc.  I am guessing they may need to update some RADB or
> something like that, but i’ll be honest my knowledge of how those things
> work and their complete function is pretty slim.
>
> This would be a short term thing as we expect the purchase process to
> complete pretty quickly, but it would be advantageous to us to be able to
> advertise the space immediately.  We just want to make sure we start off on
> the right foot.
>
>
> Thanks,
>
> Will


Re: 10G switch drops traffic for a split second

2016-11-29 Thread TJ Trout
I plan on disabling FC on everything tonight, I've done that before but I
want to be sure.

Anything that can be done about the 2 x 1G peers trunking to the 10G router
transition that can be fixed? should I be rate limiting the vlan for the
peers at 1G so the 10G router isn't trying to send more than 1G?

On Tue, Nov 29, 2016 at 1:47 PM, Michael Loftis <mlof...@wgops.com> wrote:

> Yes it is absolutely possible to overrun the buffers.  Any kind of
> backpressure (FC) from hosts, or 10G->1G transitions can easily cause
> it.  Even if in a 10s window you're not over 1G if the 10G sender
> attempts to back to back too many frames in a row (Like say sendfile()
> API type calls) BOOM, dropping frames in the switch.
>
> On Tue, Nov 29, 2016 at 1:28 PM, TJ Trout <t...@pcguys.us> wrote:
> > Luke;
> >
> > All l2, no l3. only 4 vlans. 2 peers trunked to a router which trunks back
> > to 2 devices (microwave backhauls).
> >
> > Chuck;
> >
> > All ports are 10g except the 2 peers are 1g and trunk back to a 10g port
> > for the router wan
> >
> > No TCN's
> >
> > Brian;
> >
> > I have tried a IBM G8124 and a Ubiquiti ES-16-XG both show same exact drops
> > across all ports, makes me think it's a config issue. MTU, FC, something.
> >
> > Andrew;
> >
> > I have tried with FC disabled, but I will try that one more time.
> >
> > Mikael;
> >
> > Is it possible to over run the buffers of a 320gbps backplane switch with
> > only 1.5gbps traffic? I think the switch is rated for 140m PPS and I'm only
> > pushing 100k PPS
>


Re: 10G switch drops traffic for a split second

2016-11-29 Thread TJ Trout
Luke;

All l2, no l3. only 4 vlans. 2 peers trunked to a router which trunks back
to 2 devices (microwave backhauls).

Chuck;

All ports are 10g except the 2 peers are 1g and trunk back to a 10g port
for the router wan

No TCN's

Brian;

I have tried a IBM G8124 and a Ubiquiti ES-16-XG both show same exact drops
across all ports, makes me think it's a config issue. MTU, FC, something.

Andrew;

I have tried with FC disabled, but I will try that one more time.

Mikael;

Is it possible to over run the buffers of a 320gbps backplane switch with
only 1.5gbps traffic? I think the switch is rated for 140m PPS and I'm only
pushing 100k PPS


On Tue, Nov 29, 2016 at 9:47 AM, Mikael Abrahamsson <swm...@swm.pp.se>
wrote:

> On Tue, 29 Nov 2016, TJ Trout wrote:
>
>> Could this be MTU? I've tried flow control, hard code duplex, stp on/off
>> etc
>>
>
> As others have pointed out, you probably have a switch with small buffers.
>
> If you also have flow control and you have something that triggers flow
> control to turn off packet forwarding, your small-buffer-switch might fill
> up all (shared) buffers on that port and now you're dropping traffic to all
> ports.
>
> So trying to find if you have something where flow control is enabled and
> is being triggered might be something worthwhile to do, and also perhaps
> just turn off flow control on all ports to make sure.
>
> --
> Mikael Abrahamsson    email: swm...@swm.pp.se
>


10G switch drops traffic for a split second

2016-11-29 Thread TJ Trout
I recently upgraded my core network from 1G to 10G and after the upgrade I
have noticed that my 10G switch during peak traffic (1500mbps, 100,000pps)
seems to be dropping traffic for a split second across all ports and all
vlans. I immediately replaced the switch with a different brand/model and
the problem persists.

Sometimes traffic drops to zero, others it drops to 50%, problem is very
random but seems to occur with much more frequency during high PPS (pushing
high traffic / iperf does not induce problem)

Could this be MTU? I've tried flow control, hard code duplex, stp on/off etc

I'm at a loss any ideas?

TJ Trout
Volt Broadband


Re: Brocade Fabric Help

2016-06-30 Thread TJ McCleve
I would suggest opening a TAC to get the full details on why it’s happening if
the root cause is not readily apparent. Typically remediating these types of
mismatches entails copying the default config to startup (triggers a reload)
and rejoining the fabric.

On 6/30/16, 1:41 PM, "NANOG on behalf of Mike Hammett"  wrote:

>I asked on the Brocade forum, but it's largely been crickets there. I hoped 
>someone here would have an idea. 
>
>One switch says: 23 Te 12/0/24 Up ISL segmented,(ESC mismatch, Distributed 
>Config DB)(Trunk Primary) 
>The other switch says: 23 Te 54/0/24 Up ISL segmented,(ESC mismatch, 
>Distributed Config DB)(Trunk Primary) 
>
>I saw that means, "The DCM Configuration DB is different on both the ends of 
>ISL," but I have no idea how to resolve that. 
>
>
>VDX-6720s running 4.1.3b. 
>
>
>
>
>- 
>Mike Hammett 
>Intelligent Computing Solutions 
>http://www.ics-il.com 
>
>
>
>Midwest Internet Exchange 
>http://www.midwest-ix.com 
>
>



Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

2014-12-16 Thread TJ
Hangouts Dialer gets you VOIP calls, whether WiFi or Cellular data is in
use ... albeit from your GVoice#, not native/telco number.

/TJ

On Tue Dec 16 2014 at 12:55:49 PM John R. Levine jo...@iecc.com wrote:

>> I just wish Wifi calling was ubiquitous.
>>
>> isn't it in every android phone since ~1yr ago?
>
> Yes, but it works poorly when walking the dog.
>
> R's,
> John



Re: IPv6 Default Allocation - What size allocation are you giving out

2014-10-09 Thread TJ
> On Thu, 2014-10-09 at 10:22 -0400, Daniel Corbe wrote:
>> Has anyone successfully gotten a RIR to assign anything bigger than a
>> /32?  I seem to recall in recent history someone tried to obtain a /31
>> through ARIN and got smacked down.


Yes; ISTR several /20s and even a /19 were the largest ... until the US DoD
got the equivalent of a /13.

Quick looks:
https://www.sixxs.net/tools/grh/dfp/
http://www.nanog.org/mailinglist/mailarchives/old_archive/2008-05/msg00276.html


/TJ


Re: 2002::/16 [6to4] abuse

2014-09-24 Thread TJ
2002::/16 would be advertised by anyone *still* operating a 6to4 relay.

A host w/ only IPv4 connectivity could use 6to4 to get access to an
IPv6-only resource, thanks to automatic IPv6-in-IPv4 encapsulation
(Protocol41) and with a helping hand from publicly operated relays.
Someone with (only?) native IPv6 would not, normally / unintentionally, use
a 6to4 address.  In this case, af2c:785 being on both sides means it is (if
everyone is playing nicely / by the rules) a host at that v4 address doing
this automagically.

Pure supposition:  a compromised host that happens to have, and prefer,
6to4.


/TJ


On Wed, Sep 24, 2014 at 12:42 PM, David Hubbard 
dhubb...@dino.hostasaurus.com wrote:

> Curious if anyone can tell me, or point me to a link, on how 2002::/16
> is actually implemented for 6to4?  Strictly for curiosity.
>
> We had a customer ask about blocking spam from their wordpress blog that
> we host and the spammer was using 2002:af2c:785::af2c:785, which was the
> first time I'd seen wordpress spam coming from IPv6.  Per RFC3964, I'm
> guessing the 175.44.120.5 is just a relay router, not surprisingly, on
> the China Net network and the spammer was native v6?
>
> I see that net advertised from 6939 (HE) and 1103 (SURFnet Netherlands)
> from the perspective of my feeds, so that just got me more confused.
>
> Thanks,
>
> David
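
For attributing abuse seen from 2002::/16 sources like the one in this thread, the IPv4 address of the 6to4 host or router sits in bits 16 to 47 of the IPv6 address, and a group written as 785 is 0x0785 because leading zeros are dropped. The decoder below is an added example, not code from either poster; the log lines are constructed, and the plausibility check is an assumption modelled on the kind of embedded-address filtering RFC 3964 discusses.

```python
import ipaddress

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")


def decode_6to4(addr: str):
    """Return details of the IPv4 address embedded in a 6to4 address, or None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in SIX_TO_FOUR:
        return None
    value = int(ip)
    # Layout: 2002 (16 bits) | IPv4 (32 bits) | subnet (16 bits) | interface ID (64 bits)
    v4 = ipaddress.IPv4Address((value >> 80) & 0xFFFFFFFF)
    low32 = ipaddress.IPv4Address(value & 0xFFFFFFFF)
    # A 6to4 source whose embedded IPv4 is not globally routable unicast cannot
    # be a legitimate 6to4 site and is a candidate for dropping.
    plausible = not (v4.is_private or v4.is_loopback or v4.is_multicast
                     or v4.is_unspecified or v4.is_reserved or v4.is_link_local)
    return {
        "embedded_ipv4": str(v4),
        # Some hosts reuse the IPv4 address as the low 32 bits of the interface ID.
        "iid_repeats_ipv4": low32 == v4,
        "plausible_source": plausible,
    }


# Constructed log lines: client address first, then method and path.
SAMPLE_LOG = [
    "2002:af2c:785::af2c:785 POST /wp-comments-post.php",
    "2002:c0a8:101::1 POST /wp-comments-post.php",
    "2001:db8::25 GET /index.php",
    "198.51.100.7 GET /index.php",
]


def annotate(lines):
    """Map each 6to4 client in the log to its embedded IPv4 for abuse lookups."""
    out = {}
    for line in lines:
        client = line.split()[0]
        info = decode_6to4(client)
        if info is not None:
            out[client] = info
    return out


if __name__ == "__main__":
    for client, info in annotate(SAMPLE_LOG).items():
        print(client, info)
```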



Re: Carrier Grade NAT

2014-07-30 Thread TJ
On Wed, Jul 30, 2014 at 11:45 AM, Owen DeLong o...@delong.com wrote:

> SNIP Amazon apparently recently hired Yurie Rich insert: and John
> Spence to work on their issues. /SNIP


And Yurie recently posted an opening for an IPv6 Engineer at same ... for
any so inclined.


/TJ


Re: Ars Technica on IPv4 exhaustion

2014-06-18 Thread TJ
On Wed, Jun 18, 2014 at 2:25 PM, Lee Howard l...@asgard.org wrote:


> Verizon Wireless and T-Mobile have great IPv6 deployments, too, maybe a
> couple more years for older handsets to age out.  Still, 50% of VzW LTE
> devices use IPv6 now.


ISTR that every VZW LTE device is IPv6 ready/capable/connected, and that it
is ~50% of the _traffic_ that is IPv6 today.



 
>> Everything I have at the colo is dual stacked, but I can't reach my own
>> systems via IPv6 because my business class Verizon Fios connection is
>> IPv4 *only*.
>
> Well there's your problem.


Yeah, Verizon and VZW are not the same animal ... FiOS *needs* to get their
IPv6 house in order.
Anyone have any information on that front ...?



>> Yes, Comcast is in the process of rolling out IPv6, but my
>> Comcast circuit in Washington DC is IPv4 only.  And I'd suspect that
>> everyone with Time Warner, ATT, Cox, etc are all in the same boat.
>
> I think all of those companies offer IPv6 on their business-only services
> (e.g., fiber, ethernet, etc.). For access methods shared with residential
> users (i.e., DOCSIS, DSL), it's not rolled out yet. . . RSN.


I believe Comcast has completed something like 90%+ of their IPv6 rollout,
nationwide.  Maybe more ...
*(My residential circuit and business circuit, in different parts of
Northern VA, are both native IPv6 out of the box.)*


/TJ


Re: misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-25 Thread TJ
On Mon, Mar 24, 2014 at 9:12 PM, Bob Evans b...@fiberinternetcenter.com wrote:

> Thus far, IPv6 has been the Field of Dreams  those of us who have
> built it, we know they have not yet come  (the IPv6 customers).  That's
> all this discussion is really about is when will they come.
>
> I know the core of the Internet will be IPv4 for many years. All one has
> to do is talk to a few customer to find out that they are in no hurry.
> It's a no-brainer, because , none of us charges a customer more than than
> lunch money for an IPv4 address.


While I will agree that it has taken longer than some of us thought /
expected I don't believe you can say no-one is coming.

My home (Comcast) & my phone (T-Mo) get native IPv6, automatically, no
extra charge - no special request - no special equipment.  Our 4g
hotspots are all dual-stack. We recently got a new Verizon (landline)
circuit for a job-site - came with a /48 automatically.  The carriers drive
this part of the boat - and some of them are doing so quite nicely
(finally).  Not all, but some of the biggest have done the most work ==
more eyeballs.

The content side is doing better as well; again - not all, but the big ones
are good wins.

The customers, the normal people that is, don't know or care.  We know
that.  On the enterprise side there is of course the cost & burden of
dealing with the legacy network that still, largely, works as they
expect.  And in the govt it is even worse, despite some mandates to the
contrary.  But that too will shift over time - and needn't hold up anyone
else's plans.  And when people who do care have IPv6 at home/on their phone
they will start to push that into said enterprises ... like I am doing :).


/TJ


Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-25 Thread TJ
In an attempt to get this thread back on topic:
* Does Google require rDNS for IPv4 mail sources?
If so, doing so for IPv6 shouldn't be a surprise.  Your current provider's
inability to support rDNS for IPv6 is not a protocol failure, it is a
provider failure.

If not, is there an additional operational reason for them to do so in
IPv6?  ... and in that case, I'd come to the same end result,
provider-failure.

... ?

/TJ


misunderstanding scale (was: Ipv4 end, its fake.)

2014-03-22 Thread TJ
Millions of IPs don't matter in the face of X billions of people, and
XX-XXX billions of devices - and this is just the near term estimate.
(And don't forget utilization efficiency  - Millions of IPs is not millions
of customers served.)

Do IPv6.
/TJ

On Mar 22, 2014 3:09 AM, Bryan Socha br...@digitalocean.com wrote:

 As someone growing in the end of ipv4, it's all fake.  Sure, the rirs will
 run out, but that's boring.  Don't believe the fake auction sites.
 Fair price of IP at the end is $1 for bad Rep $2 for barely used, $3 for no
 spam and $4 for legacy.  Stop the inflation.  Millions of IPS exist,
 there is no shortage and don't lie for rirs with IPS left.


Re: turning on comcast v6

2014-01-02 Thread TJ
I'd argue that while the timing may be different, RA and DHCP attacks are
largely the same and are simply variations on a theme.

And, regardless of the protocol in question, represent attacks which should
be defended against.

As is often (always?) the case, there are tradeoffs - and the pros and cons
of those tradeoffs will be weighted differently by different parties.

/TJ

On Jan 3, 2014 12:00 AM, Matthew Kaufman matt...@matthew.at wrote:

 On 12/30/2013 4:56 PM, Owen DeLong wrote:

 You can accomplish the same thing in IPv4….


 Plug in Sally’s PC with Internet Connection Sharing turned on and watch
 as her DHCP server takes over your network.


 Not nearly as fast as bad RAs do (as others have pointed out).



 Yes, you have to pay attention when you plug in a router just like you’d
 have to pay attention if you plugged in a DHCP server you were getting
 ready to recycle.


 But the ability to plug in a not-router and break things is oh so much
 greater.


 Incompetence in execution really isn’t the protocol’s fault.


 But it is the protocol designer's fault... and once shipped, the
 protocol's fault. There's all sorts of things that were known at the time
 IPv6 was designed that the designers failed to build solutions for. As an
 example, routers *could* be a lot smarter about sending RAs on a network
 where routers are already present, but that's not in the spec.

 Neither the ND DOS attack nor the need to protect against bogus RAs on
 every port of your switch but one (or rarely, two) are things that should
 have been a post-deployment surprise (to name just a couple pet peeves of
 mine... there's more design flaws that could have been easily avoided had
 enough people cared to do so).

 Matthew Kaufman
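
A sketch of the bogus-RA check discussed in this thread (RAs are legitimate on one switch port only), added here as an example and not code from any poster. It parses Router Advertisement bodies per RFC 4861 and flags any that do not come from the known router on the uplink; the port names, addresses and sample frames are constructed.

```python
import ipaddress
import struct

RA_TYPE = 134          # ICMPv6 Router Advertisement (RFC 4861)
OPT_PREFIX_INFO = 3    # Prefix Information option


def build_ra(router_lifetime, prefix, prefix_len):
    """Build a constructed RA body (ICMPv6 header onward) for the sample data."""
    hdr = struct.pack("!BBHBBHII", RA_TYPE, 0, 0, 64, 0, router_lifetime, 0, 0)
    opt = struct.pack("!BBBBIII", OPT_PREFIX_INFO, 4, prefix_len, 0xC0,
                      86400, 14400, 0)
    return hdr + opt + ipaddress.IPv6Address(prefix).packed


def parse_ra(body):
    """Return (router_lifetime, [prefixes]) or None if not a well-formed RA."""
    if len(body) < 16 or body[0] != RA_TYPE:
        return None
    lifetime = struct.unpack("!H", body[6:8])[0]
    prefixes, off = [], 16
    while off + 2 <= len(body):
        opt_type, opt_len = body[off], body[off + 1] * 8  # length is in 8-byte units
        if opt_len == 0 or off + opt_len > len(body):
            return None  # zero-length or truncated option: treat as malformed
        if opt_type == OPT_PREFIX_INFO and opt_len == 32:
            addr = ipaddress.IPv6Address(body[off + 16:off + 32])
            prefixes.append(f"{addr}/{body[off + 2]}")
        off += opt_len
    return lifetime, prefixes


def audit(frames, trusted_port, trusted_router):
    """RA-guard-style policy: accept RAs only from the known router on the uplink."""
    alerts = []
    for port, src, body in frames:
        ra = parse_ra(body)
        if ra is None:
            if body[:1] == bytes([RA_TYPE]):
                alerts.append((port, src, "malformed RA"))
            continue
        if port == trusted_port and src == trusted_router:
            continue
        lifetime, prefixes = ra
        # A non-zero router lifetime means hosts will install it as a default router.
        kind = "rogue default router" if lifetime > 0 else "rogue prefix only"
        alerts.append((port, src, f"{kind}: {', '.join(prefixes) or 'no prefix'}"))
    return alerts


# Constructed sample: (switch port, link-local source, RA body)
SAMPLE = [
    ("Gi0/1", "fe80::1", build_ra(1800, "2001:db8:10::", 64)),      # real router
    ("Gi0/7", "fe80::d00d", build_ra(1800, "2001:db8:bad::", 64)),  # host acting as router
    ("Gi0/9", "fe80::beef", build_ra(0, "fd00:1::", 64)),           # prefix, no default route
    ("Gi0/7", "fe80::d00d", build_ra(1800, "2001:db8:bad::", 64)[:-8]),  # truncated
]

if __name__ == "__main__":
    for alert in audit(SAMPLE, "Gi0/1", "fe80::1"):
        print(alert)
```

On a switch the same policy is enforced in hardware by RA Guard (RFC 6105); the script is only useful for auditing a capture.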





Re: minimum IPv6 announcement size

2013-09-30 Thread TJ
On Mon, Sep 30, 2013 at 9:32 AM, William Herrin b...@herrin.us wrote:

 snip

 IPv4 jumped from 8 bits to
  32 bits. Which when you think about it is the same ratio as jumping
 from 32 bits to 128 bits.


 Only insofar as the jump from 1 to 1000 is the same as the jump from 1000
is to 100 ... :)


/TJ


Re: RFC 1149

2013-04-02 Thread TJ
On Tue, Apr 2, 2013 at 3:41 PM, Owen DeLong o...@delong.com wrote:

 Never underestimate the bandwidth of a 747 full of DLT cartridges.

 Owen


XKCD is all over this: http://what-if.xkcd.com/31/
:)

/TJ


Re: What Should an Engineer Address when 'Selling' IPv6 to Executives?

2013-03-05 Thread TJ


 The low hurdle advantage remains only if the organisation starts soon and
 progresses incrementally. I suspect the longer v6 deployment is put off,
  the more this advantage is eroded.


Agreed; IMHO planning and starting sooner costs less than pushing it off
until it is a firedrill.
*Less in terms of money, service impact, PR complications, etc.*

And it is here now - my home has native IPv6 from Comcast, my phones have
native IPv6 from TMobile (and previously, from Verizon Wireless) ... the
only missing link in my daily life is my client site, which is:
a) why I am here
and
b) being held up by DISA :(.


/TJ


Re: IPV6 in enterprise best practices/white papaers

2013-01-29 Thread TJ
 Also, if a switch does not do MLD snooping, it will flood multicast to
 all ports. You lose one of the major benefits of IPv6 multicast - less
 admin traffic.

Agreed; but just to be fair: there is still a difference between
multicast being flooded everywhere and broadcast being flooded
everywhere ... L2 interrupt vs. L2+L3 interrupt; bigger difference
than it sounds ;).


/TJ



Re: IPV6 in enterprise best practices/white papaers

2013-01-26 Thread TJ
In principle, I agree with the EDGE-in approach.

However, if you need to do LAN before EDGE (e.g. DISA can't get you
connectivity but you need to make some progress) you need to block AAAA
queries from getting replies.  BIND has a filter AAAA on IPv4 option that
helps here ... (just don't give the hosts the v6 addresses of the internal
DNS servers).

HTH,
/TJ
On Jan 26, 2013 12:49 PM, William Herrin b...@herrin.us wrote:

 On Sat, Jan 26, 2013 at 4:26 AM, Pavel Dimow paveldi...@gmail.com wrote:
  I can start to create
   AAAA record and PTR records in DNS and after that I should configure my
  dhcp servers and after all has been done I can test ipv6 in LAN and
  after that I can start configure bgp with ISP.
  Is this correct procedure?

 Nope.

 In their infinite(simal) wisdom the architects of IPv6 determined that
 a host configured with both a global scope IPv6 address and an IPv4
 address will attempt IPv6 in preference to IPv4. If you configure IPv6
 on a LAN without first installing your IPv6 Internet connection, that
 LAN will break horribly.

 Work your way from the outside in: start with BGP, then the interior
 routers and configure the LAN last.

 Regards,
 Bill Herrin



 --
 William D. Herrin  her...@dirtside.com  b...@herrin.us
 3005 Crane Dr. .. Web: http://bill.herrin.us/
 Falls Church, VA 22042-3004




Re: Big day for IPv6 - 1% native penetration

2012-11-20 Thread TJ
  On Tue, 20 Nov 2012 10:14:18 +0100
 Tomas Podermanski tpo...@cis.vutbr.cz wrote:

  It seems that today is a big day for IPv6. It is the very first
  time when native IPv6 on google statistics
  (http://www.google.com/intl/en/ipv6/statistics.html) reached 1%. Some
  might say it is tremendous success after 16 years of deploying IPv6 :-)
 Funny enough, the peaks are indicating... week-ends !
 Do people use more google during the WE, or do they have more IPv6 @ home ?


 Purely anecdotally, I can say: Yes.
At least in my case I have native IPv6 at home and via my mobile devices,
but not at my client sites.
*Sidenote: That's why I am at those client sites, helping 'fix' that. ;) ...*


/TJ


Re: Wired access to SMS?

2012-10-09 Thread TJ
On Tue, Oct 9, 2012 at 5:47 PM, William Herrin b...@herrin.us wrote:

 On Tue, Oct 9, 2012 at 5:05 PM, steve pirk [egrep] st...@pirk.com wrote:
  Have you looked at Google Voice much? I have mine set up to SMS all my
  devices, including email delivery, and can enable/disable devices as
  needed. The big benefit, is that I have an inbox full of all my old
  inbound and outbound text messages.


++1 on Google Voice.



 Hi Steve,

 Google voice is a fine service and if they sold it with an API, I
 might well buy it. As a free public service with a strictly unofficial
 API, I can't seriously consider using it in my product's critical
 path. I need a service whose provider is actually obligated to keep it
 working to the standard of resilience typical of the rest of my
 system.

 Let me put it another way: with google voice, google mail, google
 search you are not the customer. You're the product. I use gmail for
 my personal mail and I can live with that. For business services, I
 need to be the customer.



FWLIW - I think that is a bit harsh, even if mostly accurate.

I love GVoice for sending & receiving texts across multiple devices, some
of which aren't cellular - or wired - at all :).
*(Also have phone calls ring not just my phones, but Skype and GChat as
well ...)*


/TJ


Re: RFC becomes Visio

2012-09-28 Thread TJ

 As a person who often draws out + scans diagrams, I support this message.

  Hand draw two squares, label them our AS and your AS with a line
  between them labeled GigE. Bonus points for pencil.


Exactly - hand draw it, scan it in and save the .JPG/.PNG in a .VSD.
There, it is in Visio.


It is Friday, yes?
/TJ


Re: Throw me a IPv6 bone (sort of was IPv6 ignorance)

2012-09-21 Thread TJ
 Running dual stack to residential consumers still has huge issues with
 CPE.  It's not an environment where we have control over the router the
 customer picks up at Walmart.   There is really very little point in
 spending a lot of resources on something the consumer can't currently use.


Note: Some of us regular, residential customers can and do have native IPv6
at home ... off the shelf gear, default configs, etc.


Re: Big Temporary Networks

2012-09-20 Thread TJ
On Thu, Sep 20, 2012 at 2:21 AM, Masataka Ohta 
mo...@necom830.hpcl.titech.ac.jp wrote:

 David Miller wrote:

  So, a single example of IPv4 behaving in a suboptimal manner would be
  enough to declare IPv4 not operational?

 For example?


Heavy reliance on broadcast for a wide range of instances where the
traffic is really only destined for a single node would seem to be rather
sub-optimal.

/TJ


Re: The Department of Work and Pensions, UK has an entire /8

2012-09-20 Thread TJ
 Let us spin this another way. If you cannot even expect mild change such
 as 240/4 to become prevalent enough to be useful, on what do you base your
 optimism that the much larger changes IPv6 requires will?

 Joe


Easy - Greater return on the investment; i.e. - instead of getting an IPv4
/4 out of the effort you get an IPv6 Global Unicast Space of 2000::/3 (just
for starters, counting neither the rest of the unicast nor multicast, etc.
spaces.).

Also, the impact of the changes required is close to the same in that
every node needs to be touched - that is the hard part, getting updates
deployed.  *(Unless you want 240/4 to be a special/limited use case - in
which case the effort is smaller, but so is the reward ...)*


/TJ


Re: The Department of Work and Pensions, UK has an entire /8

2012-09-20 Thread TJ

 Let us spin this another way. If you cannot even expect mild change such
 as 240/4 to become prevalent enough to be useful, on what do you base
 your optimism that the much larger changes IPv6 requires will?

 Joe


  Easy - Greater return on the investment; i.e. - instead of getting an
  IPv4 /4 out of the effort you get an IPv6 Global Unicast Space of
  2000::/3 (just for starters, counting neither the rest of the unicast
  nor multicast, etc. spaces.).



 ::/3
 /48
 /64

 Do you think we may ever come to regret baking that in? And use that
 regret to torpedo any attempts at change?


If we do ever grow to regret the /48 and /64 splits, I guess it is a good
thing we have 5 more /3s to deal with it ...



 As far as roi is concerned, we can make all the calculation we want.
 What we cannot do is force everyone else to come up with the same numbers
 we did.


We also cannot make everyone happy all of the time.
We can only do the best we can, and make it work as good as we can.
Such is life.



  Also, the impact of the changes required is close to the same in that
 every node needs to be touched - that is the hard part, getting updates
 deployed.  *(Unless you want 240/4 to be a special/limited use case - in
 which case the effort is smaller, but so is the reward ...)*

 The scope of the change is far far different, no matter the use case.
 Never more than a simple update.


Yes, but making a change (regardless of size) on a given platform is often
dwarfed by the effort of getting the update pushed out, to every possible
instance of said platform.  Multiply that by the number of platforms ...

With IPv6, it is a bigger single change (in code terms), but the hard part
(deployment) is roughly the same order of magnitude in deployment.

It is also easier to know if your platform is in an area that now has IPv6,
vs a router discovering whether or not the hosts understand the new /4.
That is, dual-stack (IPv4 + IPv6) create fewer problems than the
coexistence of nodes supporting 240/4 and not supporting 240/4.

And again, an additional IPv4 /4 is *just a bit smaller* than what IPv6
brings to the table ...


/TJ *... all IMHO / IME, of course.*


Re: Verizon IPv6 LTE

2012-09-20 Thread TJ
My understanding, and experience (albeit with Android), is that all VZW LTE
is IPv6-capable.

I'd love to hear if Apple or VZW is at fault here, or if something weird is
happening ...

/TJ
On Sep 20, 2012 8:28 PM, Seth Mattinen se...@rollernet.us wrote:

 Does Verizon have IPv6 on their LTE network everywhere or is it limited
 to specific regions? I ask because I have a Verizon LTE iPad just
 upgraded to iOS6 (which supposedly added this capability), but it's not
 getting an IPv6 address on the LTE interface. Or does Verizon now need
 to authorize these newly capable devices as IPv6-able?

 ~Seth




Re: Verizon IPv6 LTE

2012-09-20 Thread TJ
Did Apple use their version of Happy Eyeballs on the iPads?
ISTR they cache certain timeouts, so if IPv6 was failing before it may take
awhile for it to become preferred again.

/TJ


On Thu, Sep 20, 2012 at 9:37 PM, Seth Mattinen se...@rollernet.us wrote:

 On 9/20/12 6:33 PM, Seth Mattinen wrote:
 
  Huh, so I come home and now I'm getting IPv6 from Verizon LTE. But I
  definitely wasn't at the office. I verified with an app called IT
  Tools that shows the interfaces and routing table, plus it does
  traceroute/ping. Maybe the nearest tower over there doesn't support
  IPv6? Odd.
 


 Safari on the iPad seems to be preferring A over AAAA if a hostname has
 both, though. I can browse to a bracketed IPv6 address so it is working.

 ~Seth




Re: Big Temporary Networks

2012-09-19 Thread TJ
SNIP

 The only thing operators have to know about IPv6 is that IPv6, as is
 currently specified, is not operational.



I think it is safe to say that this is provably false.
Are there opportunities for increased efficiency, perhaps ... however:

I get native IPv6 at home via my standard residential cable connection
using off the shelf CPE gear and standard OSes.
I get native IPv6 via my standard LTE devices, again - off the shelf - no
customization required.

*(Repeated emphasis on the use of standard, off the shelf components here
... no end-user hacking/tweaking, nor custom firmware loads, nor special
requests to the provider ... it just works.)*

Both of these have been properly functioning since being lit up.  Clearly,
at least the two *rather large* operators involved *(Comcast & Verizon
Wireless, if it matters)* have deployed IPv6 in an operational fashion.  I
bet Hurricane Electric would *strongly* disagree as well.


*... Not to mention the enterprise networks and hosting facilities that
have also implemented IPv6 rather successfully, all of which are relying on
some carrier(s) to provide them connectivity.*
/TJ


Re: Big Temporary Networks

2012-09-19 Thread TJ
On Wed, Sep 19, 2012 at 9:24 PM, Masataka Ohta 
mo...@necom830.hpcl.titech.ac.jp wrote:


 A single counter example is enough to deny IPv6 operational.


Really?

If that is really your opinion, the entire conversation is a rather moot
point as I believe you and pretty much the rest of the world (again,
including all those who helped develop and have deployed / are deploying
IPv6) are not in agreement.
*Not saying popularity equals correctness, just that there is a sizable
counter-point to your statement.*

Yes, the goal should be to minimize the special cases but there will
always be some of those.  That is what the ~IPv6 over Foo series of
documents is all about, accommodating those needs ... A single counter
example is *only *enough to say that IPv6 does not *currently/ideally* fit
*that* deployment scenario and that, just perhaps, *that deployment* needs
some special consideration(s) on the part of IPv6.  It does not, in any
way, invalidate the protocol as a whole.

Let me ask, in your opinion:
Is the better and easier answer here to start from scratch, or to
identify the problem(s) and simply fix it(them) if warranted?


/TJ


Re: The End-To-End Internet (was Re: Blocking MX query)

2012-09-07 Thread TJ
On Tue, Sep 4, 2012 at 3:45 PM, William Herrin b...@herrin.us wrote:

 On Tue, Sep 4, 2012 at 2:22 PM, Jay Ashworth j...@baylink.com wrote:
  It is regularly alleged, on this mailing list, that NAT is bad *because
 it
  violates the end-to-end principle of the Internet*, where each host is a
  full-fledged host, able to connect to any other host to perform
 transactions.

 That's what firewalls *are for* Jay. They intentionally break
 end-to-end for communications classified by the network owner as
 undesirable. Whether a particular firewall employs NAT or not is
 largely beside the point here. Either way, the firewall is *supposed*
 to break some of the end to end communication paths.


Exactly - talking about a *(subtle?)* difference here.
1) Breaking the E2E model because your security policy (effectively)
dictates it.  For the record, this is fine as it is your decision for your
network.
2) Being forced to break that model by deficiencies in the underlying
protocol/address-family.  This is, shall we say, sub-optimal.

/TJ

